On Nov 17, 2023, at 12:04, Ray Bellis <r...@bellis.me.uk> wrote:
>
>> On 17/11/2023 10:41, Paul Wouters wrote:
>> 
>> I think it would be unwise to make assumptions on how people will use
>> this feature. They might want to ask for many more records along with
>> A/AAAA records. If we change a core DNS feature, it should not be designed
>> for a specific DNSSD use case of HTTPS.
> 
> The extension is already limited to a maximum of 7 additional QTYPES, and 
> some might argue that that's too many.  A consideration here is the 
> opportunity for amplification.

I think the artificial limit should not be there.
Amplification is handled by source validation, e.g. allow for TCP or after
sending DNS COOKIES.

> The main DNSSD use case is TXT+SRV.  A+AAAA+HTTPS was an example of a future 
> use case that might be popular outside of DNSSD, and where NSEC bitmaps are 
> not efficient.

I find the efficiency argument not very relevant if we are asking for potential
blobs of public keys etc., e.g. for ECH.

> I'd also say that this is an extension - it does not change any existing core 
> DNS features.   It's 100% backwards compatible.

To me it’s generic, it’s not a very specific focused use case that is only 
valid in the context of dnssd.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop