Some comments:
* We should define what TLS SNI value gets sent. Perhaps the first value
of "domain-to-match" when present, but preferably the hostname of the URL
when it's not an IP?
* Should clients consider the templates list to be ordered or unordered?
We may wish to define the behavior for handling multiple entries. (A
common case might be both an IPv6 and IPv4 address. Some clients might
only have only one of those, so would need to filter appropriately, and
operators may wish to specify an ordering preference such as
IPv6-preferred.)
* It would be worth a conversation with the people working on PvD in
IntArea to see if there is some alignment (eg, in-terms of JSON practices,
and perhaps even with PvDs being able to include or reference a
resolver-information block). There might be a path here that could also
help with the split-horizon case.
* With the draft-sah-resolver-information framework, we may wish to also
have an attribute or draft for specifying the DNS64 prefix to allow
client-side DNS64 synthesis. (On the other hand, there are also drafts to
send this via an RA option as well as some other paths in-addition to other
mechanisms. So perhaps another mechanism isn't needed.)
Erik
On Wed, May 22, 2019 at 6:30 PM Paul Hoffman <paul.hoff...@icann.org> wrote:
> Greetings again. Based on the input from the DNSOP and DOH lists, we
> revised draft-sah-resolver-information. We also created a new draft,
> draft-sah-resinfo-doh, to cover the main use case we have for getting
> information from a resolver, namely to get the DoH URI template and
> authentication information.
>
> >From the mailing list traffic, it seems like some of y'all only care
> about getting resolver information from DNS (hopefully DNSSEC-signed),
> while others are fine to use HTTPS with web PKI authentication,
> particularly when DNSSEC signing is not possible. We have left both methods
> in the main draft.
>
> We encourage more input.
>
> --Paul Hoffman
>
> ======
> Title : DNS Resolver Information Self-publication
> Authors : Puneet Sood
> Roy Arends
> Paul Hoffman
> Filename : draft-sah-resolver-information-01.txt
> Pages : 9
> Date : 2019-05-22
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-sah-resolver-information/
>
> ======
> Title : DNS Resolver Information: "doh"
> Authors : Puneet Sood
> Roy Arends
> Paul Hoffman
> Filename : draft-sah-resinfo-doh-00.txt
> Pages : 5
> Date : 2019-05-22
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-sah-resinfo-doh/
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
