Re: [apps-discuss] Looking at Webfinger

"Paul E. Jones" <paulej@packetizer.com> Tue, 25 September 2012 05:34 UTC

To: John Bradley <ve7jtb@ve7jtb.com>
Cc: Mark Nottingham <mnot@mnot.net>, IETF Apps Discuss <apps-discuss@ietf.org>

On 9/11/2012 11:49 AM, John Bradley wrote:
> Nat,
>
> Tucows supports SRV records at least for OpenSRS. Some of their resellers may be using other things to manage DNS records and just using them for registration, so it would be hard to make a blanket statement.
>
> I think using an SRV record introduces other security issues that would have to be looked at without DNSSEC.
>
> John B.

I think this is true regardless. DNSSEC should be a top priority for 
anyone, really.  Otherwise, there exists the risk of having the domain 
requests hijacked.  And if one can do that, they can probably get 
certificates for the hijacked domains.

Paul