Re: [dnsext] draft-mohan-dns-query-xml-00.txt
Paul Vixie <vixie@isc.org> Sat, 01 October 2011 17:33 UTC
On Saturday, October 01, 2011 03:01:33 pm Nicholas Weaver wrote:
> > A side benefit of this is, the UPDATE opcode gets easy.
>
> Use GET, but if you want it to get through the most busted of web caches,
> do the following:

why "use GET"? if POST allows us to send a dns message as post-body, which could either be a query or an update, then why would we prefer GET?

> And I'd have the return value be JSON rather than raw DNS on the wire.
> Why?
>
> Because since the point is validating DNSSEC, the HTTP-server should not
> just return the record asked for, but the whole signature chain that it
> has. Since this is more information than a normal DNS reply, it might
> benefit from a new encoding.

i've got a draft in production that adds an EDNS option "send chain" where the option payload is any ancestor of the QNAME and indicates the requestor's deepest validated trusted domain name. this will solicit a longer trust chain (all the RRSIG, DNSKEY, DS RRs) between this ancestor and the QNAME. it is something i'd like for UDP/53 whenever ip fragmentation is working, and something i'd like for TCP/53 whenever that's not firewalled out. it could also be used in DNS-over-HTTP, assuming that we allow transmission of full DNS messages in both directions (therefore, using POST).

in other words i don't see this as HTTP-specific which is why it's not in this draft.
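An added illustration of the "send chain" idea described in the message above; this is not code from the message, the draft, or any DNS implementation. It builds a wire-format query whose OPT record carries the requestor's deepest validated ancestor and rejects a payload that is not an ancestor of the QNAME. The option code 65001 is a placeholder from the EDNS local/experimental range, and the function names are hypothetical.

```python
import struct

# Assumption: placeholder code from the EDNS local/experimental range
# (65001-65534); the message does not give a code for "send chain".
SEND_CHAIN_OPTION = 65001

def labels(name):
    """Split a domain name into lower-cased labels ('.' gives an empty list)."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def encode_name(name):
    """Encode a domain name in uncompressed DNS wire format."""
    out = b""
    for label in labels(name):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def is_ancestor(ancestor, qname):
    """True if ancestor equals qname or is a parent of it, compared label by label."""
    a, q = labels(ancestor), labels(qname)
    return len(a) <= len(q) and q[len(q) - len(a):] == a

def build_query(qname, qtype, trusted_ancestor, msg_id=0):
    """Build a DNS query whose OPT RR carries the send-chain option."""
    if not is_ancestor(trusted_ancestor, qname):
        raise ValueError("option payload must be an ancestor of QNAME")
    # Header: RD set, one question, one additional record (the OPT RR).
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    payload = encode_name(trusted_ancestor)
    option = struct.pack("!HH", SEND_CHAIN_OPTION, len(payload)) + payload
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL with DO bit.
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x00008000, len(option)) + option
    return header + question + opt

def tcp_frame(msg):
    """TCP/53 framing: the same message behind a two-octet length prefix."""
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    # Constructed sample: the requestor has already validated down to "com".
    msg = build_query("www.example.com", 1, "com", msg_id=0x1234)
    print(len(msg), msg.hex())
```

The bytes returned by `build_query` are the same whether they go out as a UDP datagram, behind the TCP length prefix, or as an HTTP POST body, which is the transport independence the message argues for.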