On 08/03/2019 14:28, Paul Wouters wrote:

> But assigned and left completely opaque is not really suitable for
> "heterogenous off-the-shelf software". These different vendors must
> understand the meaning of the opaque data even if their functionality
> can be non-standard.

No, it does *not* require that at all.

We very carefully referred to the *operators* of the software in the draft, not the implementors.

The intention is that software operators can define rules in their
configuration files such that *they* determine which values have what
meaning. Just like how a BGP router can use BGP communities within
routing policy maps.

In the load-balancer case, they might decide to use a few bits to select
one of several RPZ feeds, or perhaps a view, without having to pass the
client IP for the use of a "source match" ACL to the backend.

They might decide to use another bit to indicate that the client is
trusted such that the server doesn't need to apply RRL.

Granted this will need some form of representation in whatever
configuration syntax is in use, but that would be implementation
dependent. The minimal implementation would just need to be able to
test "tag & mask == value".

Ray

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
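
The operator-defined rules described in the message above, as an added example that is not part of the original message or the draft: a backend evaluates "tag & mask == value" rules to pick an RPZ feed and decide whether RRL applies. The 16-bit tag width, the bit layout, the rule names and the action keys are all assumptions made for illustration.

```python
from dataclasses import dataclass

TAG_BITS = 16  # assumption: the message does not state the tag width


@dataclass(frozen=True)
class Rule:
    name: str
    mask: int
    value: int
    actions: dict

    def __post_init__(self):
        limit = (1 << TAG_BITS) - 1
        if not (0 <= self.mask <= limit and 0 <= self.value <= limit):
            raise ValueError(f"{self.name}: mask/value exceed {TAG_BITS} bits")
        # A value bit outside the mask makes the rule unmatchable; reject it
        # at config-load time instead of silently never applying the policy.
        if self.value & ~self.mask:
            raise ValueError(f"{self.name}: value has bits outside mask")

    def matches(self, tag):
        return (tag & self.mask) == self.value


# Hypothetical operator-chosen layout: bits 0-1 select an RPZ feed,
# bit 2 marks the client as trusted (RRL not applied).
RULES = [
    Rule("rpz-feed-a", 0x0003, 0x0001, {"rpz": "feed-a"}),
    Rule("rpz-feed-b", 0x0003, 0x0002, {"rpz": "feed-b"}),
    Rule("trusted", 0x0004, 0x0004, {"rrl": False}),
]

# Restrictive defaults: no feed selected, RRL on, unless a rule says otherwise.
DEFAULTS = {"rpz": None, "rrl": True}


def policy_for(tag, rules=RULES):
    """Return the policy a backend would apply for one received tag."""
    if not 0 <= tag < (1 << TAG_BITS):
        raise ValueError("tag out of range")
    policy = dict(DEFAULTS)
    for rule in rules:
        if rule.matches(tag):
            policy.update(rule.actions)
    return policy
```

Bits that no rule's mask covers are ignored, and a feed selector with no matching rule (here `0x0003`) falls back to the defaults. In C-family languages the comparison must be written `(tag & mask) == value`, because `==` binds tighter than `&` there.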
