On Nov 17, 2023, at 12:04, Ray Bellis <r...@bellis.me.uk> wrote:
>
>> On 17/11/2023 10:41, Paul Wouters wrote:
>>
>> I think it would be unwise to make assumptions on how people will use
>> this feature. They might want to ask for many more records along with
>> A/AAAA records. If we change a core DNS feature, it should not be designed
>> for a specific DNSSD use case of HTTPS.
>
> The extension is already limited to a maximum of 7 additional QTYPES, and
> some might argue that that's too many. A consideration here is the
> opportunity for amplification.

I think the artificial limit should not be there. Amplification is handled by source validation, e.g. allow for TCP or after sending DNS COOKIES.

> The main DNSSD use case is TXT+SRV. A+AAAA+HTTPS was an example of a future
> use case that might be popular outside of DNSSD, and where NSEC bitmaps are
> not efficient.

I find the efficiency argument not very relevant if we are asking for potential blobs of public keys etc., e.g. for ECH.

> I'd also say that this is an extension - it does not change any existing core
> DNS features. It's 100% backwards compatible.

To me it’s generic, it’s not a very specific focused use case that is only valid in the context of dnssd.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop