2018-07-04 0:55 GMT+09:00 Eric Rescorla <e...@rtfm.com>:
>
> On Tue, Jul 3, 2018 at 8:40 AM, Paul Wouters <p...@nohats.ca> wrote:
>>
>> On Mon, 2 Jul 2018, Eric Rescorla wrote:
>>
>>> It is strongly recommended not to use TXT records. Why not use a new
>>> RRTYPE? Everything these days knows how to serve unknown record types
>>> (see RFC 3597). The only possible exception is provisioning tools of
>>> small players, but this document starts off saying you basically need
>>> to be on a bulk hosting provider anyway. They can properly provision.
>>>
>>> See:
>>>
>>> https://github.com/ekr/draft-rescorla-tls-esni/issues/7#issuecomment-388531906
>>
>> [Can we keep the discussion within the IETF and the Note Well please. We
>> also don't know what happens in 10 years with these links.]
>
> If you look carefully, you'll see that this discussion happened weeks ago.
> I was just pointing you at it because you asked why we did it the way we did.
>
> With that said, IETF policy does not prohibit having discussions on Github.
> We do it regularly in TLS and it's the standard policy in QUIC.
>
>> quoting from that link:
>>
>> These facts lead to the conclusion that if we choose RRtype as the
>> method, there would often be cases where the DNS record of the ESNIKey
>> and the TLS server would be required to be operated by different
>> entities.
>>
>> That seems to have confused two things with each other. I did not say
>> anything about the location of the DNS record, only of the RRTYPE.
>> Clearly, with the same location, it would be under control of the same
>> entity, so I don't understand why you bring this up as a reason against
>> using a dedicated RRTYPE.
>
> I'm just quoting Kazuho here, so I'll let him respond to himself.
The discussion was about comparing two approaches: a) use a new record type
without suffix, b) use TXT record type with suffix.

My argument was that we should select b because a has the deployability
issue in regard to APEX names.

It is true that the deployability issue is a concern related to the non-use
of prefix. It is _not_ related to the selection of the record type.

OTOH, I think that the reliability issue related to using a new record type
exists, as others have pointed out.

> -Ekr

-- 
Kazuho Oku

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
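The two options being compared in the thread, (a) a new RR type on the bare owner name and (b) a TXT record under a prefixed owner name, look like this at the zone-file level. The following is an added illustration written for this page; it is not code from the ESNI draft or from any of the posters. It assumes a placeholder type number (TYPE65) since the thread names no assigned type, assumes the prefix label `_esni`, and uses a constructed 32-byte blob in place of a real ESNIKeys structure. The generic presentation syntax it encodes and parses is the one from RFC 3597 section 5 (`\# <rdlength> <hex>`), which is what Eric's "everything knows how to serve unknown record types" refers to.

```python
"""Zone-file encodings for an ESNI key blob: RFC 3597 generic unknown-type
RDATA (option a) versus a TXT record under a prefixed name (option b).

Added example for the thread above, not code from the draft or its authors.
"""
import base64
import binascii
import re

# Constructed stand-in for the ESNIKeys blob a server would publish; the
# bytes are arbitrary and only need to be opaque to the zone file.
SAMPLE_KEYS = bytes(range(1, 33))

# Placeholder type number (assumption; the thread names no assigned type).
PLACEHOLDER_RRTYPE = 65

# RFC 3597 section 5 presentation form for unknown-type RDATA:
#   \#  <rdlength in decimal>  <rdata as hex, whitespace permitted>
GENERIC_RE = re.compile(r"^\\#\s+(\d+)\s*((?:[0-9A-Fa-f]|\s)*)$")


def rdata_to_generic(rdata: bytes) -> str:
    """Render raw RDATA in RFC 3597 generic form, e.g. '\\# 3 010203'."""
    parts = [f"\\# {len(rdata)}"]
    if rdata:
        parts.append(rdata.hex().upper())
    return " ".join(parts)


def generic_to_rdata(text: str) -> bytes:
    """Parse RFC 3597 generic form back to raw RDATA.

    The declared octet count must match the hex payload; a mismatch is a
    zone-file error and is rejected rather than silently repaired.
    """
    m = GENERIC_RE.match(text.strip())
    if not m:
        raise ValueError(f"not RFC 3597 generic RDATA: {text!r}")
    declared = int(m.group(1))
    hexdigits = re.sub(r"\s+", "", m.group(2))
    if len(hexdigits) % 2:
        raise ValueError("odd number of hex digits in generic RDATA")
    rdata = binascii.unhexlify(hexdigits)
    if len(rdata) != declared:
        raise ValueError(f"declared {declared} octets, found {len(rdata)}")
    return rdata


def is_valid_generic(text: str) -> bool:
    """True if `text` is well-formed RFC 3597 generic RDATA."""
    try:
        generic_to_rdata(text)
        return True
    except ValueError:
        return False


def unknown_rrtype_record(owner: str, rdata: bytes,
                          rrtype: int = PLACEHOLDER_RRTYPE, ttl: int = 3600) -> str:
    """Option (a): a new RR type on the bare owner name, no prefix label."""
    return f"{owner} {ttl} IN TYPE{rrtype} {rdata_to_generic(rdata)}"


def txt_record(owner: str, rdata: bytes, prefix: str = "_esni",
               ttl: int = 3600) -> str:
    """Option (b): TXT under a prefixed owner name.

    TXT carries <character-string>s of at most 255 octets each, so the
    base64 text is split into 255-character chunks that a reader rejoins.
    """
    b64 = base64.b64encode(rdata).decode("ascii")
    chunks = [b64[i:i + 255] for i in range(0, len(b64), 255)]
    quoted = " ".join(f'"{c}"' for c in chunks)
    return f"{prefix}.{owner} {ttl} IN TXT {quoted}"


def txt_to_rdata(line: str) -> bytes:
    """Recover the blob from a TXT line produced by txt_record()."""
    strings = re.findall(r'"([^"]*)"', line)
    if not strings:
        raise ValueError("no character-strings in TXT RDATA")
    return base64.b64decode("".join(strings), validate=True)


if __name__ == "__main__":
    print(unknown_rrtype_record("example.com.", SAMPLE_KEYS))
    print(txt_record("example.com.", SAMPLE_KEYS))
```

The round trips show what is mechanical in each option. Either form is trivially provisionable once the zone software accepts it, which is why the thread treats the real difference as the owner name, not the type: option (a) puts the record on the bare name, so at a zone apex it has to live next to the apex's other records, while option (b) gives it its own `_esni.` owner name that can be managed separately.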