Re: [DNSOP] A conversational description of sentinel.

> > Fine. Now we need to have something actionable, e.g. set of names for > Geoff to test. The first test I’ve undertaken is to test two name forms in an ad campaign over the past few days: heres an example of the test: xm--u82aa292f-c13-s1518066940-i

Re: [DNSOP] A conversational description of sentinel.

> On Feb 7, 2018, at 6:13 AM, Benno Overeinder wrote: > > On 07/02/2018 10:12, Warren Kumari wrote: >> Whoops, last message was blank; finger fail. >> >> >> On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote: >>> On Wed, Feb 7, 2018 at 2:15 AM, Petr

Re: [DNSOP] A conversational description of sentinel.

On Wed, Feb 7, 2018 at 6:13 AM, Benno Overeinder wrote: > On 07/02/2018 10:12, Warren Kumari wrote: > > Whoops, last message was blank; finger fail. > > > > > > On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote: > >> On Wed, Feb 7, 2018 at 2:15 AM, Petr

Re: [DNSOP] A conversational description of sentinel.

On 07/02/2018 10:12, Warren Kumari wrote: > Whoops, last message was blank; finger fail. > > > On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote: >> On Wed, Feb 7, 2018 at 2:15 AM, Petr Špaček wrote: >>> >>> Fine. Now we need to have something

Re: [DNSOP] A conversational description of sentinel.

Whoops, last message was blank; finger fail. On Wed, Feb 7, 2018 at 3:57 AM, Warren Kumari wrote: > On Wed, Feb 7, 2018 at 2:15 AM, Petr Špaček wrote: >> >> >> On 6.2.2018 17:13, Paul Hoffman wrote: >>> On 6 Feb 2018, at 8:04, Petr Špaček wrote: >>>

Re: [DNSOP] A conversational description of sentinel.

On Wed, Feb 7, 2018 at 2:15 AM, Petr Špaček wrote: > > > On 6.2.2018 17:13, Paul Hoffman wrote: >> On 6 Feb 2018, at 8:04, Petr Špaček wrote: >> >>> On 6.2.2018 13:22, Tony Finch wrote: A. Schulze wrote: > > Yes,

Re: [DNSOP] A conversational description of sentinel.

On 6.2.2018 17:13, Paul Hoffman wrote: > On 6 Feb 2018, at 8:04, Petr Špaček wrote: > >> On 6.2.2018 13:22, Tony Finch wrote: >>> A. Schulze wrote: Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific. I also prefer that longer variant. >>>

Re: [DNSOP] A conversational description of sentinel.

On 6 Feb 2018, at 8:31, Joe Abley wrote: Some other RFC numbers were clearly reserved for specific documents in the past (e.g. see RFC 2821/2, obsoleting RFC 821/2) but perhaps those were special cases. It was special, and very much regretted by the RFC Editor at the time. This badly

Re: [DNSOP] A conversational description of sentinel.

On 6 Feb 2018, at 11:04, Petr Špaček wrote: > On 6.2.2018 13:22, Tony Finch wrote: >> A. Schulze wrote: >> >>> Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific. >>> I also prefer that longer variant. >> >> Yes, more friendly for

Re: [DNSOP] A conversational description of sentinel.

On 2/6/18 8:13 AM, Paul Hoffman wrote: > On 6 Feb 2018, at 8:04, Petr Špaček wrote: > >> On 6.2.2018 13:22, Tony Finch wrote: >>> A. Schulze wrote: Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific. I also prefer that longer variant. >>>

Re: [DNSOP] A conversational description of sentinel.

On 6 Feb 2018, at 8:04, Petr Špaček wrote: On 6.2.2018 13:22, Tony Finch wrote: A. Schulze wrote: Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific. I also prefer that longer variant. Yes, more friendly for web searches if someone is wondering

Re: [DNSOP] A conversational description of sentinel.

On 6.2.2018 13:22, Tony Finch wrote: > A. Schulze wrote: >> >> Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific. >> I also prefer that longer variant. > > Yes, more friendly for web searches if someone is wondering about weird > queries. Bonus points

Re: [DNSOP] A conversational description of sentinel.

On 2018-02-05 14:18 -0500, Geoff Huston wrote: > I thought this was due to some concern over the wording in RFC (some > IDN > RFC whose number I can’t recall right now!) over a comment that the UC label > should not contain the starting sequence " - -” RFC5890 point 2.3.1 To facilitate

Re: [DNSOP] A conversational description of sentinel.

A. Schulze wrote: > > Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific. > I also prefer that longer variant. Yes, more friendly for web searches if someone is wondering about weird queries. Tony. -- f.anthony.n.finch http://dotat.at/

Re: [DNSOP] A conversational description of sentinel.

Paul Hoffman: I think Tony's idea is likely fine, but I also think kskroll-sentinel-is-ta- is perfectly fine as well. Yes, "kskroll-sentinel-is-ta-" is more descriptive and specific. I also prefer that longer variant. Andreas ___ DNSOP

Re: [DNSOP] A conversational description of sentinel.

On 5 Feb 2018, at 11:18, Geoff Huston wrote: On 5 Feb 2018, at 11:47 pm, Tony Finch wrote: Geoff Huston wrote: if not underscores and IF “xm—“ as a leading substring is not acceptable for some reason, then what label format would be acceptable for this

Re: [DNSOP] A conversational description of sentinel.

> On 5 Feb 2018, at 11:47 pm, Tony Finch wrote: > > Geoff Huston wrote: >> >> if not underscores and IF “xm—“ as a leading substring is not acceptable for >> some reason, then what label format would be acceptable for this >> measure? > > Maybe put the -- in

Re: [DNSOP] A conversational description of sentinel.

Geoff Huston wrote: > > if not underscores and IF “xm—“ as a leading substring is not acceptable for > some reason, then what label format would be acceptable for this > measure? Maybe put the -- in the middle somewhere? e.g. is-ta-- not-ta-- Tony. -- f.anthony.n.finch

Re: [DNSOP] A conversational description of sentinel.

On 04/02/2018 22:35, Petr Špaček wrote: > Underscore is now out of the question because we know about the > Android/Chrome problem se might test alternative labels. I don't think that's necessarily true. It may just mean that there's an additional set of possible responses that the draft needs

Re: [DNSOP] A conversational description of sentinel.

On 02/02/2018 04:45 PM, Warren Kumari wrote: > were **NOT** able to fetch the "underscore" record > were able to fetch the "dashdash" record Current Firefox 58.0.1 and old Chromium 61.0.3163.79, Linux, same result.  The system resolver does fetch _www.ksk-test.net. OK.  (I can't say I understand

Re: [DNSOP] A conversational description of sentinel.

> > Now when I see that this kind of problems is real, it is probably the > right time to ask Geoff to use his tools and get some data from large > scale measurement... > > Underscore is now out of the question because we know about the > Android/Chrome problem se might test alternative labels.

Re: [DNSOP] A conversational description of sentinel.

On Fri, Feb 2, 2018 at 4:41 AM, Petr Špaček wrote: > On 2.2.2018 09:32, Mark Andrews wrote: >> This isn’t about whether name servers load A records with non LDH names >> as they all can. >> >> The real question is do the name lookup api’s in the web browsers barf >> on non

Re: [DNSOP] A conversational description of sentinel.

On 2.2.2018 09:32, Mark Andrews wrote: > This isn’t about whether name servers load A records with non LDH names > as they all can. > > The real question is do the name lookup api’s in the web browsers barf > on non IDN, non LDH names since that is the mechanism being proposed > for people to

Re: [DNSOP] A conversational description of sentinel.

On 02/02/2018 08:32, Mark Andrews wrote: > The real question is do the name lookup api’s in the web browsers barf > on non IDN, non LDH names since that is the mechanism being proposed > for people to test this. +1 - that's my concern too. The browsers that refuse to accept an underscore

Re: [DNSOP] A conversational description of sentinel.

This isn’t about whether name servers load A records with non LDH names as they all can. The real question is do the name lookup api’s in the web browsers barf on non IDN, non LDH names since that is the mechanism being proposed for people to test this. Mark > On 2 Feb 2018, at 6:50 pm, Petr

Re: [DNSOP] A conversational description of sentinel.

On 2.2.2018 07:55, A. Schulze wrote> Paul Hoffman: >> My preference is #1 because, in general, a label starting with _ has >> been meant for infrastructure, and that's what these labels are. >> Others might like #2 so they don't have to add configuration to BIND >> (and maybe other authoritative

Re: [DNSOP] A conversational description of sentinel.

Paul Hoffman: My preference is #1 because, in general, a label starting with _ has been meant for infrastructure, and that's what these labels are. Others might like #2 so they don't have to add configuration to BIND (and maybe other authoritative servers). just checked, my NSD and

Re: [DNSOP] A conversational description of sentinel.

On 1 Feb 2018, at 16:48, Geoff Huston wrote: I’ve reviewed the (lengthening) thread on this draft, but while I saw posted objections to the use of “xm—" as the initial part of the left-most label here, I did not see any concrete alternate proposals. So on the assumption that I must’ve missed

Re: [DNSOP] A conversational description of sentinel.

rather than a conversational description, could someone perhaps produce a flow chart or pascal-style flow diagram of each actor's decision tree? i am lost. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] A conversational description of sentinel.

> On 2 Feb 2018, at 7:56 am, Paul Hoffman wrote: > > On 1 Feb 2018, at 12:20, Geoff Huston wrote: > >> What about if the sentinel spec proposes to use a left-most label of the >> form(s): >> >>xm—-is-ta-[key] >> >> and >> >> xm—-not-ta-[key] >> >> >> would

Re: [DNSOP] A conversational description of sentinel.

On 1 Feb 2018, at 12:20, Geoff Huston wrote: What about if the sentinel spec proposes to use a left-most label of the form(s): xm—-is-ta-[key] and xm—-not-ta-[key] would this form of hostname be a reasonable way forward? This was discussed in a different thread in the WG a few

Re: [DNSOP] A conversational description of sentinel.

On Fri, Feb 02, 2018 at 07:20:45AM +1100, Geoff Huston wrote: > What about if the sentinel spec proposes to use a left-most label of the > form(s): > > xm—-is-ta-[key] > > and > >xm—-not-ta-[key] > > > would this form of hostname be a reasonable way forward? Only if you want to

Re: [DNSOP] A conversational description of sentinel.

> On 26 Jan 2018, at 3:17 am, Paul Hoffman wrote: > > On 25 Jan 2018, at 7:36, Warren Kumari wrote: > >> On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch wrote: >>> Isn't this going to cause problems with software that checks hostname >>> syntax? > > Yes.

Re: [DNSOP] A conversational description of sentinel.

On Thu, Jan 25, 2018 at 10:10 AM, Tony Finch wrote: > (catching up on old messages) > > Warren Kumari wrote (and I liberally snipped): >> >> I publish this in my a zone: >> >> _is-ta-12345.example.com. 600 IN A 192.0.2.1 >>

Re: [DNSOP] A conversational description of sentinel.

(catching up on old messages) Warren Kumari wrote (and I liberally snipped): > > I publish this in my a zone: > > _is-ta-12345.example.com. 600 IN A 192.0.2.1 > _is-ta-12345.example.com. 600 IN RRSIG A > > I now tell users to please browse to

Re: [DNSOP] A conversational description of sentinel.

On Mon, Jan 15, 2018 at 7:22 AM william manning wrote: > your wrote,: "​In the real world, the user will not be expected to figure > this out [...] -- a bit of JS on www.example.com will do the 3 fetches > and report "You'll be just fine", "You will have issues, call

Re: [DNSOP] A conversational description of sentinel.

Hi Warren, all, On 15-01-18 02:51, Warren Kumari wrote: > The (new) rules: > A: If the qname starts with _is-ta, and the included keyid is *NOT* in > the trust store, the resolver changes the answer to a SERVFAIL > (otherwise things proceed normally). > B: If the qname starts with _not-ta and the

Re: [DNSOP] A conversational description of sentinel.

On 15 Jan 2018, at 07:22, KenM wrote: > I think its a bit sad that for the DNS to work, one now needs to run http[s] > and JS. So much for stand alone protocols. Now if you could show how this > works without JS or HTTP, then we might be getting somewhere. We

Re: [DNSOP] A conversational description of sentinel.

your wrote,: "​In the real world, the user will not be expected to figure this out [...] -- a bit of JS on www.example.com will do the 3 fetches and report "You'll be just fine", "You will have issues, call your ISP and get them to install the new key" or "Sorry, cannot tell.​ Call your ISP and

Re: [DNSOP] A conversational description of sentinel.

Hi Warren, On 14 Jan 2018, at 20:51, Warren Kumari wrote: > I had a conversation with a friend earlier today, who had carefully read the > document​ > (https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/)​, but > had not managed to understand it at all​.​

[DNSOP] A conversational description of sentinel.

Hi all, I had a conversation with a friend earlier today, who had carefully read the document ​ (https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/)​ , but had not managed to understand it at all ​.​ ​Since this friend is bright, and really understand ​s​ DNS, I figured that the