Re: [Acme] dns challenges and dynamic dns services (security considerations for domain holders)

James Cloos <cloos@jhcloos.com> Fri, 29 January 2016 16:54 UTC

>>>>> "FB" == Frederik Braun <fbraun@mozilla.com> writes:

FB> I'm concerned that everyone having to update their blacklists[1] will
FB> lead to more trouble.

They really all ought to forbid any label which starts with an
underscore.

Wasn't that part of the motivation for using an underscore to initiate
such labels?

-JimC
-- 
James Cloos <cloos@jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6
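
The check suggested above, as an added example that is not part of the original message: a dynamic DNS provider's registration filter that refuses any customer-requested label starting with an underscore (such as `_acme-challenge`), alongside the usual host-label syntax check. The zone `dyn.example`, the sample requests and the function name are assumptions made for illustration.

```python
import re

# Constructed provider zone for illustration; not from the original message.
PROVIDER_ZONE = "dyn.example"

# Host label syntax: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LDH_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_requested_name(requested, zone=PROVIDER_ZONE):
    """Decide whether a customer may register `requested` under `zone`.

    Returns (allowed, reason). Hypothetical helper, not any provider's API.
    """
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = requested.strip().rstrip(".").lower()
    suffix = "." + zone.lower()
    if not name.endswith(suffix):
        return False, "outside provider zone"
    for label in name[: -len(suffix)].split("."):
        if label == "":
            return False, "empty label"
        # Underscore-prefixed labels are service/validation names, never
        # customer hostnames, so one rule covers them without a blacklist.
        if label.startswith("_"):
            return False, "underscore-prefixed label: " + label
        if not _LDH_LABEL.fullmatch(label):
            return False, "not a valid host label: " + label
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    for req in ("alice.dyn.example",
                "_acme-challenge.dyn.example",
                "_acme-challenge.alice.dyn.example",
                "Alice.DYN.Example.",
                "al_ice.dyn.example",
                "alice.other.example"):
        print(req, "->", check_requested_name(req))
```
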