Re: [DNSOP] [Ext] Breaking the logjam that is draft-ietf-dnsop-svcb-https

2023-02-23 Thread David Schinazi 
Moving the ECH/ESNI bits from draft-ietf-dnsop-svcb-https
to draft-ietf-tls-esni seems to be the simplest option by far here. I
strongly support that.
David

On Thu, Feb 23, 2023 at 10:38 AM Paul Hoffman 
wrote:

> On Feb 23, 2023, at 10:14 AM, Benjamin Schwartz  wrote:
> >
> > I'm OK with this, although personally I'm happy to just wait for ECH.  I
> had hoped for a simpler solution (like marking SVCB's dependency on ECH as
> Informative), but I can understand if the IESG thinks there's no other way.
>
> draft-ietf-dnsop-svcb-https has MUST-level requirements for how to handle
> ECH, so it isn't really possible to mark the dependency as informational.
>
> > If we are chopping the ECH parts out of SVCB, I would prefer to publish
> them later as a separate document, rather than stuffing them into ECH or
> opening a SVCB-bis.  I think that will be clearer for readers and will
> minimize further delays.
>
> Yes, an ecb-in-svcb document would be much better than a -bis, unless
> there are significant other changes to make in the -bis.
>
> --Paul Hoffman
>
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] DNS Grease?

2024-02-27 Thread David Schinazi 
I think this draft is a great idea and I'd love to see it progress. GREASE
did well in TLS and worked wonders in QUIC - it helped us catch multiple
real production issues early on.

That said, I do worry about the idea of using random unallocated values.
Not all software gets updated, and no software gets updated immediately
worldwide, so this idea is bound to cause interoperability failures down
the road. For the 16-bit values, definitely allocate a few hundred GREASE
codepoints and then pick a random one from that allocated list. For the
fields smaller than 8 bits, things are obviously more difficult but I think
you'll be much better off reserving a much smaller number of codepoints and
using those instead of using random ones. One instance of an non-updated
implementation spraying what values it thinks are unallocated could be
enough to prevent future extensibility.

David

On Mon, Feb 26, 2024 at 10:39 PM Mark Andrews  wrote:

> Yep, we are in a much better position than we were in 2019.  Most failures
> are
> well < 1% when talking to authoritative servers.  Broken firewall defaults
> have
> been fixed and mostly deployed.
>
> > On 27 Feb 2024, at 16:41, George Michaelson  wrote:
> >
> > so yet again, I voice things which show my ignorance, not yours. I
> > thank you for the gentle clue-stick hit, it was educational.
> >
> > -G
> >
> > On Tue, Feb 27, 2024 at 12:24 PM Shumon Huque  wrote:
> >>
> >> On Tue, Feb 27, 2024 at 12:01 AM Mark Andrews  wrote:
> >>>
> >>>
>  On 27 Feb 2024, at 15:53, George Michaelson  wrote:
> 
>  Not in any way to stop this specific draft, I wonder if this is a more
>  general principle of exercising code points which are not marked
>  "never to be used" and should also be raised cross-area, or in another
>  place?
> 
>  Maybe the best path is to get this proved here, and then
> embrace-extend.
> >>>
> >>> Sure there are a lot of places where this should be done.  This is
> going
> >>> to cover DNS.
> >>
> >>
> >> Yup, and although Mark and I have been mulling this for DNS for a number
> >> of years now, the general principle has also been discussed elsewhere
> (see
> >> the references to greasing) and RFC 8701 describes greasing for TLS.
> >>
> >> We should track that work too, but this draft can focus on the DNS use
> case.
> >>
> >> Shumon.
> >>
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>
> ___
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] DNS Grease?

2024-04-24 Thread David Schinazi 
If I understand your proposal correctly, this would require the receiver to
support this new EDNS option in order to properly remove values that the
sender thought were unused but that the receiver did not. Such a
requirement on receivers makes it impossible for the sender to know it can
safely GREASE, because the sender has no way of knowing that the receiver
supports this new EDNS option. In general, the idea behind GREASE is that
any sender can use it without requiring any changes on the receiver.

David

On Wed, Apr 24, 2024 at 2:09 PM Brian Dickson 
wrote:

>
>
> On Wed, Feb 28, 2024 at 7:11 AM Shumon Huque  wrote:
>
>> Thanks for your comments David. I hope it will progress too, and good to
>> hear that that grease worked well for TLS and QUIC.
>>
>> On random vs reserved values, we do intend to propose some reserved
>> ranges (there is a placeholder section in the draft for this already). And
>> then try to have a debate about the pros and cons (e.g. is reservation just
>> going to cause middleboxes to treat the greasing range specially, etc). For
>> the larger fields, yes, we could allocate larger reserved ranges and pick
>> randomly from those. For the smaller fields (that accommodate just a
>> discrete set of flags, rather than a number), we could reserve just a small
>> handful of flags. For any proposal that uses purely random unallocated code
>> points, I think we'd need software to have pre-configured (or configurable)
>> end-of-test dates as one way to avoid future interoperability issues.
>>
>> Even for the larger ranges though, there is a more granular
>> classification (such as data vs meta vs q-types in the RR-type space) where
>> more nuanced treatment is needed, such as defining multiple reserved ranges
>> and expecting distinct response behavior for each.
>>
>
> I have an idea, which may or may not be useful, for avoidance of testing
> random code points which are subsequently used, when the two endpoints have
> differing ideas of which code points are in use.
>
> (Philosophically, I prefer negotiated/signaled over unilateral/reserved
> things. Reserved ranges are the latter. The suggestion here is one
> potential method or approach for the former.)
>
> Would using an EDNS option to signal the set of values that the sender
> believes are "grease" (and are set in the outgoing packet) work?
>
> The recipient would flag the values that are "in use" from among the
> "grease" values, and the original sender would handle the non-grease
> response elements flagged by the recipient.
>
> This would also allow for one or more grease values to be probed
> simultaneously or individually, in order to assess/investigate sources of
> non-response. Including information from both ends via EDNS allows for
> correlation of those including both the path and the authoritative server
> EDNS information as data points.
>
> For example, if RRTYPE=FOO were a grease value sent by a resolver, it
> would have EDNS thing "grease-list:RRTYPE=FOO,..." (modulo bike shed color)
> added. The authoritative server would generate whatever response it had for
> RRTYPE=FOO, and add a corresponding EDNS thing "non-grease-list:RRTYPE=FOO".
> The resolver would be able to safely ignore anything/everything in the
> response, and optionally cache tuple of (authority-IP,code-point) so as to
> potentially avoid using it as grease, or to log something to the effect of
> "FOO is now in the wild, maybe you need to update this resolver's
> software?".
>
> This would allow for random grease rather than reserved grease, I think,
> and would be more appropriate for exercising the full range of code points.
>
> Brian
>
>
>>
>> Shumon.
>>
>> On Tue, Feb 27, 2024 at 5:59 PM David Schinazi 
>> wrote:
>>
>>> I think this draft is a great idea and I'd love to see it progress.
>>> GREASE did well in TLS and worked wonders in QUIC - it helped us catch
>>> multiple real production issues early on.
>>>
>>> That said, I do worry about the idea of using random unallocated values.
>>> Not all software gets updated, and no software gets updated immediately
>>> worldwide, so this idea is bound to cause interoperability failures down
>>> the road. For the 16-bit values, definitely allocate a few hundred GREASE
>>> codepoints and then pick a random one from that allocated list. For the
>>> fields smaller than 8 bits, things are obviously more difficult but I think
>>> you'll be much better off reserving a much smaller number of codepoints and
>>> using those instead of using random ones. One inst

Re: [DNSOP] DNS Grease?

2024-04-24 Thread David Schinazi 
I see, thanks for clarifying. So this proposal would require every
implementation that chooses to ever deploy a new codepoint to implement
this new extension, for all eternity. That seems brittle to me, as things
would break in the presence of a single lazy implementer. What made GREASE
viable was the fact that it only takes work from one popular implementation
to create herd immunity, even if all other implementers are lazy. I don't
think it would have been viable otherwise.
David

On Wed, Apr 24, 2024 at 2:59 PM Brian Dickson 
wrote:

>
>
> On Wed, Apr 24, 2024 at 2:28 PM David Schinazi 
> wrote:
>
>> If I understand your proposal correctly, this would require the receiver
>> to support this new EDNS option in order to properly remove values that the
>> sender thought were unused but that the receiver did not. Such a
>> requirement on receivers makes it impossible for the sender to know it can
>> safely GREASE, because the sender has no way of knowing that the receiver
>> supports this new EDNS option. In general, the idea behind GREASE is that
>> any sender can use it without requiring any changes on the receiver.
>>
>
> Not exactly, at least I don't think so.
>
> The presumption would be at some point in time, new code points are
> deployed. If the "grease" specific thing were well publicised, and new code
> points referenced it, it might be possible to infer that newer code points
> are deployed only if they are covered in grease.
> And conversely, code points prior to the EDNS grease thing would not be
> covered in grease.
>
> Thus, senders using grease would be able to know that either a code point
> was free to use for grease operations (because the receiver does not return
> the grease EDNS thing), or that the grease coverage facilitated flagging of
> code points subsequent to the EDNS grease thing.
>
> It's kind of like a flag day, but more of a soft opening, i.e. a
> dependency situation.
>
> Brian
>
>
>>
>> David
>>
>> On Wed, Apr 24, 2024 at 2:09 PM Brian Dickson <
>> brian.peter.dick...@gmail.com> wrote:
>>
>>>
>>>
>>> On Wed, Feb 28, 2024 at 7:11 AM Shumon Huque  wrote:
>>>
>>>> Thanks for your comments David. I hope it will progress too, and good
>>>> to hear that that grease worked well for TLS and QUIC.
>>>>
>>>> On random vs reserved values, we do intend to propose some reserved
>>>> ranges (there is a placeholder section in the draft for this already). And
>>>> then try to have a debate about the pros and cons (e.g. is reservation just
>>>> going to cause middleboxes to treat the greasing range specially, etc). For
>>>> the larger fields, yes, we could allocate larger reserved ranges and pick
>>>> randomly from those. For the smaller fields (that accommodate just a
>>>> discrete set of flags, rather than a number), we could reserve just a small
>>>> handful of flags. For any proposal that uses purely random unallocated code
>>>> points, I think we'd need software to have pre-configured (or configurable)
>>>> end-of-test dates as one way to avoid future interoperability issues.
>>>>
>>>> Even for the larger ranges though, there is a more granular
>>>> classification (such as data vs meta vs q-types in the RR-type space) where
>>>> more nuanced treatment is needed, such as defining multiple reserved ranges
>>>> and expecting distinct response behavior for each.
>>>>
>>>
>>> I have an idea, which may or may not be useful, for avoidance of testing
>>> random code points which are subsequently used, when the two endpoints have
>>> differing ideas of which code points are in use.
>>>
>>> (Philosophically, I prefer negotiated/signaled over unilateral/reserved
>>> things. Reserved ranges are the latter. The suggestion here is one
>>> potential method or approach for the former.)
>>>
>>> Would using an EDNS option to signal the set of values that the sender
>>> believes are "grease" (and are set in the outgoing packet) work?
>>>
>>> The recipient would flag the values that are "in use" from among the
>>> "grease" values, and the original sender would handle the non-grease
>>> response elements flagged by the recipient.
>>>
>>> This would also allow for one or more grease values to be probed
>>> simultaneously or individually, in order to assess/investigate sources of
>>> non-response. Including information from both ends via EDNS allows for
>

Re: [DNSOP] DNS HTTPS/SVCB record type support in iOS 14

2020-09-25 Thread David Schinazi 
Hi Tommy,

Thanks for the announcement! It's really exciting to see this deployed in
the wild.
Clarification question: your email mentioned support for the HTTPS DNS
query,
but it didn't mention when iOS makes those queries. For example, do you
query
this record every single time you perform A/ queries? (in the context of
a Network.framework connection to port 443)

David

On Fri, Sep 25, 2020 at 12:59 PM Tommy Pauly  wrote:

> Hello DNSOP & QUIC,
>
> I wanted to provide an update that the production version of iOS 14, which
> shipped last week, includes support for sending HTTPS (SVCB) DNS queries
> (RR type 65) for applications using our system networking APIs.
>
> The implementation status has been updated here:
> https://github.com/MikeBishop/dns-alt-svc/blob/master/svcb-implementations.md
>
> For those with HTTP/3 QUIC deployments, this means that (when HTTP/3
> experimental support is enabled) iOS will use the ALPN indication in the
> HTTPS record to enable HTTP/3 prior to receiving an Alt-Svc indication. As
> previously noted on the DNSOP list, Cloudflare is already supporting
> publishing these records, and we’d encourage other server deployments that
> support QUIC to do the same.
>
> To note, this behavior is the same in the betas of macOS 11.
>
> Best,
> Tommy
>
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] [dnssd] Adoption call for draft-sekar-dns-ul-03 into DNSSD

2021-08-18 Thread David Schinazi 
[ DNSOP to BCC to limit cross-posting ]

Speaking as an individual contributor, I have read the draft and support
adoption in DNSSD.

David

On Wed, Aug 18, 2021 at 9:31 AM Chris Box  wrote:

> WG members,
>
> This email starts a call to adopt
> https://datatracker.ietf.org/doc/html/draft-sekar-dns-ul-03 into the
> DNSSD working group.
>
> What is this? Abstract:
>This document proposes a new EDNS0 option that can be used by DNS
>Update clients and DNS servers to include a lease lifetime in a DNS
>Update or response, allowing a server to garbage collect stale
>resource records that have been added by DNS Updates
>
> Adoption means that formal change control passes from the authors to the
> working group. All subsequent substantive changes require WG rough
> consensus. Adoption represents a commitment that the DNSSD WG will spend
> time on the draft, with the aim of progressing it towards publication.
>
> Note that in theory the draft could fit the charters of both DNSOP and
> DNSSD, but we're proposing DNSSD as this specific functionality is required
> as part of draft-ietf-dnssd-srp
>  which is already
> well advanced. The relevant charter text is:
>
> 2. To develop an improved, scalable solution for service discovery
>that can operate in multi-link networks, where devices may be
>in neighboring or non-neighboring links, applicable to
>the scenarios above.  The solution will consider tradeoffs between
>reusing/extending existing protocols and developing entirely new
>protocols.
>
> This email is being copied to DNSOP to solicit additional feedback from
> the expertise there, but note this is NOT a call to adopt into DNSOP.
>
> You should be aware this draft is covered by an IPR disclosure. Details of
> Apple's licensing terms can be found at
> https://datatracker.ietf.org/ipr/1236/.
>
> Within DNSSD we are asking two questions:
> 1) If you have read this six-page draft and are content with it, or would
> like to amend/discuss it further inside the working group, please speak up
> now.
> 2) If you believe that this document is not something the DNSSD working
> group should be working on, please also say so.
>
> For this call to succeed, we'll need statements of explicit support from
> people who have read the draft. The document does not have to be perfect,
> but it needs to be solving a problem the WG wants to solve in a way
> approximately as described in the draft.
>
> Please send statements in support or against, as responses to this email.
> This call will be open until 2021-09-03 23:59 UTC.
>
> Thanks,
> Chris
>
> ___
> dnssd mailing list
> dn...@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd
>
___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] [dnssd] Working Group Last Call - draft-ietf-dnsop-session-signal

2018-02-16 Thread David Schinazi 
Hi,

(chair hat off)

I've reviewed draft-ietf-dnsop-session-signal-04 and -05 and think -05 is ready 
to move forward.
Draft -05 addresses the points I raised on -04 and in my opinion makes the 
document clearer.

Thanks,
David Schinazi


> On Feb 1, 2018, at 11:14, tjw ietf  wrote:
> 
> 
> This starts a Working Group Last Call for draft-ietf-dnsop-session-signal
> 
> Current versions of the draft is available here:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-session-signal/ 
> <https://datatracker.ietf.org/doc/draft-ietf-dnsop-session-signal/>
> 
> Please review the draft and offer relevant comments. Also, if someone feels 
> the document is *not* ready for publication, please speak out with your 
> reasons.
> 
> We are doing a three week Working Group Last Call process, and we're cross 
> posting to a few groups where we hope to receive some strong reviews. 
> 
> This WGLC ends at midnight, 22 February 2018.
> 
> thanks
> Tim/suzanne
> ___
> dnssd mailing list
> dn...@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] [v6ops] [IANA #989438] ipv4only.arpa's delegation should be insecure.

2018-06-12 Thread David Schinazi 
Hi everyone,

Stuart and I have a draft that attempts to address these issues, please let us 
know if you think it does or doesn't.

https://tools.ietf.org/html/draft-cheshire-sudn-ipv4only-dot-arpa 
<https://tools.ietf.org/html/draft-cheshire-sudn-ipv4only-dot-arpa>

Thanks,
David Schinazi


> On Jun 12, 2018, at 18:29, Mark Andrews  wrote:
> 
> The Domain Name Reservation Considerations in RFC 7050 do not cover whether
> a delegation should be signed or not.  Due to that omission in constructing 
> the set
> of questions to be asked RFC 7050 fails when the client is behind a 
> validating resolver
> that has NO SPECIAL KNOWLEDGE of IPV4ONLY.ARPA.
> 
> There are 2 pieces of work that are required.
> 1) update the list of questions that need to be asked needs to include 
> whether a delegation
> needs to be signed or not.
> 2) update RFC 7050 to include explicit instructions to say DO NOT sign 
> IPV4ONLY.ARPA.
> 
> Item 1 is dnsop work as far as I can see.  Item 2, I think, should be v6ops 
> work.
> 
> HOME.ARPA is a example of a unsigned delegation.
> 10.IN-ADDR.ARPA is a example of a unsigned delegation.
> 
> There is zero benefit in IPV4ONLY.ARPA being signed.  Its contents on the 
> Internet
> are well known.  The contents with NAT64 in using are well known except for 
> the
>  query.  The answer to that query is *expected to change*.  That answer 
> cannot
> be validated.
> 
> Mark
> 
>> Begin forwarded message:
>> 
>> From: "Michelle Cotton via RT" > <mailto:iana-questi...@iana.org>>
>> Subject: [IANA #989438] ipv4only.arpa's delegation should be insecure.
>> Date: 6 January 2018 at 8:45:10 am AEDT
>> To: ma...@isc.org <mailto:ma...@isc.org>
>> Reply-To: iana-questi...@iana.org <mailto:iana-questi...@iana.org>
>> 
>> Hello,
>> 
>> Following up on a thread from the end of the year.  Who will bring this to 
>> the DNSOps working group?  Will someone notify us if there is an consensus 
>> on a conclusion of what needs to be done?
>> 
>> Thanks in advance.
>> 
>> --Michelle Cotton
>> 
>> 
>> On Sun Dec 10 22:40:29 2017, danw...@gmail.com <mailto:danw...@gmail.com> 
>> wrote:
>>> I had replied to the errata. I agree it warrants additional
>>> discussion, and had also suggested same. Dnsops seems appropriate.
>>> 
>>> 
>>> 
>>> The question is not to much where the attacker is, but what DNSSEC
>>> guarantee is provided. DNS64 imagines the client could do its own
>>> validation — if it wanted.  To date, effectively zero clients seem to
>>> want to do their own DNSSEC validation.
>>> 
>>> -d
>>> 
>>>> On Dec 10, 2017, at 11:13 AM, Savolainen, Teemu (Nokia-TECH/Tampere)
>>>> mailto:teemu.savolai...@nokia.com>> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> Dan Wing seem to have moved to VMWare, but cc'ing him now with an
>>>> email address I found from an I-D..
>>>> 
>>>> I'm not really following IETF nowadays, so I don't know if this has
>>>> been discussed.
>>>> 
>>>> Also I'm not sure why ISPs couldn’t first verify the A response's
>>>> validity and then generate  response to the client as document...
>>>> but I suppose it could be considered to be more proper action to
>>>> modify insecure responses than secure responses. I'm just worried
>>>> what happens if there's attacker between ISP and root, in which case
>>>> the IPv4 address part of the response could be modified by attacker
>>>> and then delivered to client in the ISP's synthetic  record..
>>>> 
>>>> So I cannot accept the errata straight away, but it should be
>>>> discussed with people who are more experts on this than I am.
>>>> 
>>>> Best regards,
>>>> 
>>>> Teemu
>>>> 
>>>> 
>>>> -Original Message-
>>>> From: Michelle Cotton via RT [mailto:iana-questions-
>>>> comm...@iana.org <mailto:comm...@iana.org>]
>>>> Sent: 9. joulukuuta 2017 1:22
>>>> Cc: i...@kuehlewind.net <mailto:i...@kuehlewind.net>; 
>>>> spencerdawkins.i...@gmail.com <mailto:spencerdawkins.i...@gmail.com>;
>>>> jouni.nos...@gmail.com <mailto:jouni.nos...@gmail.com>; Savolainen, Teemu 
>>>> (Nokia-TECH/Tampere)
>>>> mailto:teemu.savolai...@nokia.com>>
>>>> Subject: [IA

Re: [DNSOP] [v6ops] [IANA #989438] ipv4only.arpa's delegation should be insecure.

2018-06-18 Thread David Schinazi 
Hi, responses inline.

> On Tue, Jun 12, 2018 at 11:16 PM Mark Andrews  > wrote:
> 
> This does not meet my requirements. There is zero need for any part of the 
> normal DNS resolution
> process to know the IPV4ONLY.ARPA is special if IANA stopped signing the zone.

Could you take a look at draft-cheshire-sudn-ipv4only-dot-arpa please? It 
explains why some parts of the DNS resolution process do need to treat 
ipv4only.arpa as special, regardless of DNSSEC.

> On Jun 13, 2018, at 19:19, Warren Kumari  wrote:
> 
> I read that a few times, and even when squinting I cannot figure out how that 
> is supposed to work. Can someone enlighten me? I can see how a signed 
> ipv4only.arpa allows a validating DNS64 server to validate the (well known!) 
> v4 addresses, but the malicious  RR detection bit confuses me...

I agree, there is no point in signing the A records for ipv4only.arpa since 
they are well-known, and for the same reason there is no point in checking it. 
So having A records signed or unsigned is irrelevant since no one should be 
querying for these A records anyway. Similarly, since the whole purpose of the 
 records for ipv4only.arpa is to be overridden by a DNS64 recursive 
resolver which is not owned by .arpa, checking signatures will not validate 
anything useful.

I agree with Mark's point that queries will fail when the client is behind a 
validating resolver that has no special knowledge of ipv4only.arpa.

To resolve this, we'll update draft-cheshire-sudn-ipv4only-dot-arpa to mention 
that ipv4only.arpa MUST NOT be signed.

Thanks,
David___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

[DNSOP] Re: New draft regarding RFC7050

2024-09-25 Thread David Schinazi 
Hi,

I read through this draft. It seems reasonable to me, thanks for writing
it. I support this work moving forward.

David

On Mon, Sep 9, 2024 at 3:53 PM Nick Buraglio 
wrote:

> dnsop folks,
>
> Based on some conversations and discussions at the end of the second
> session at 120, several of us worked out a draft to address what we believe
> are some notable details in RFC7050. This draft was just submitted to the
> datatracker, and we would appreciate any input, comments, corrections, and
> productive discussion from the expertise of the group. The draft can be
> read at https://datatracker.ietf.org/doc/draft-buraglio-deprecate7050/
>
> Thanks in advance, we look forward to anything the list is willing to
> provide.
>
> Thanks!
>
> nb
> ___
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-le...@ietf.org
>
___
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org