Re: [apps-discuss] Looking at Webfinger

Salvatore Loreto <salvatore.loreto@ericsson.com> Sun, 07 October 2012 16:39 UTC

Return-Path: <salvatore.loreto@ericsson.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06AC021F86EA for <apps-discuss@ietfa.amsl.com>; Sun, 7 Oct 2012 09:39:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.974
X-Spam-Level:
X-Spam-Status: No, score=-106.974 tagged_above=-999 required=5 tests=[AWL=-0.726, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yztD-1fWoWHt for <apps-discuss@ietfa.amsl.com>; Sun, 7 Oct 2012 09:39:13 -0700 (PDT)
Received: from mailgw2.ericsson.se (mailgw2.ericsson.se [193.180.251.37]) by ietfa.amsl.com (Postfix) with ESMTP id 44A2321F86E8 for <apps-discuss@ietf.org>; Sun, 7 Oct 2012 09:39:13 -0700 (PDT)
X-AuditID: c1b4fb25-b7f046d00000644c-79-5071b02052f7
Received: from esessmw0237.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw2.ericsson.se (Symantec Mail Security) with SMTP id 74.38.25676.020B1705; Sun, 7 Oct 2012 18:38:56 +0200 (CEST)
Received: from mail.lmf.ericsson.se (153.88.115.8) by esessmw0237.eemea.ericsson.se (153.88.115.91) with Microsoft SMTP Server id 8.3.279.1; Sun, 7 Oct 2012 18:38:55 +0200
Received: from nomadiclab.lmf.ericsson.se (nomadiclab.lmf.ericsson.se [131.160.33.3]) by mail.lmf.ericsson.se (Postfix) with ESMTP id CF9722AD7 for <apps-discuss@ietf.org>; Sun, 7 Oct 2012 19:38:55 +0300 (EEST)
Received: from nomadiclab.lmf.ericsson.se (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id 3E2C2537C1 for <apps-discuss@ietf.org>; Sun, 7 Oct 2012 19:38:55 +0300 (EEST)
Received: from Salvatore-Loretos-MacBook-Pro.local (localhost [127.0.0.1]) by nomadiclab.lmf.ericsson.se (Postfix) with ESMTP id D91F453464 for <apps-discuss@ietf.org>; Sun, 7 Oct 2012 19:38:54 +0300 (EEST)
Message-ID: <5071B01E.7050500@ericsson.com>
Date: Sun, 07 Oct 2012 19:38:54 +0300
From: Salvatore Loreto <salvatore.loreto@ericsson.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
MIME-Version: 1.0
To: apps-discuss@ietf.org
References: <F80C8C9C-7AB8-4B7E-BFD2-4D69499D21A1@mnot.net> <CABP7RbefS9Sy2m0GsiSx2VZopf78DhqU1fjfsDn5z926Q_--GA@mail.gmail.com> <CAJu8rwUeAKEtAS-g6X3xJqyu-Xy6yQnfdeNj3mGC__D3zijwzA@mail.gmail.com> <35550AA9-E003-4917-B08C-93CB6CC2CB07@mnot.net> <CAJu8rwWKa7ehr+k=zDWD=OMzPTEt56inPW0tvZaNUmdcL3ygoQ@mail.gmail.com> <503CDF26.8050000@aol.com> <02a301cd8551$be7ab390$3b701ab0$@packetizer.com> <3BE24613-9CA0-4B2C-AB33-274026D534FB@ve7jtb.com> <032d01cd8597$aac7f740$0057e5c0$@packetizer.com> <CAJu8rwX=F8o8U2tv3vJbL+p2dnGVGDtccKOk+ ukn4jtSXNwDxg@mail.gmail.com> <04f001cd8627$092727e0$1b7577a0$@packetizer.com> <90420743-8FE8-4EDB-98EF-D717D5346397@frobbit.se> <1346306587.53748.YahooMailNeo@web31804.mail.mud.yahoo.com> <E5BBDB94-2D62-4A35-860A-22A466F88F5F@frobbit.se> <251A4741-1E52-41D3-B4C8-43BEDE5C79B7@ve7jtb.com> <CABzCy2BTcr0FZK7i-UmzUkLonYS3NOgtxzXM5zm51+bdUPU-sQ@mail.gmail.com> <EE204055-91B0-4A30-B27D-C001814EDE98@ve7jtb.com> <50614259.2040504@packetizer.com>
In-Reply-To: <50614259.2040504@packetizer.com>
Content-Type: multipart/alternative; boundary="------------080706030107050906080007"
X-Virus-Scanned: ClamAV using ClamSMTP
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrOLMWRmVeSWpSXmKPExsUyM+Jvra7ChsIAgwdfrCxWv1zB5sDosWTJ T6YAxigum5TUnMyy1CJ9uwSujH+/jzIXzJGsWHPtH1sDY6tIFyMnh4SAicTx9Z/YIWwxiQv3 1rN1MXJxCAmcYpTY97iZEcJZzygx4/5PVgjnOqPEncU9rHBlc44uZ4dwLjNKbP79lQ1kGK+A tsTEZyvBbBYBFYkP874wgdhsAmYSzx9uYQaxRQWSJXrn72SEqBeUODnzCQuILSIgKbFv1mSw GmEBA4ntf44yQyw4zS7xbfYtVpAEp4CexMkF98EuZxYIk1j3bD0rxBdqElfPbQJrFhLQkug9 28k0gVF4FpIds5C0QNi2EhfmXIeKy0tsfzuHGcLWlbjwfwqK+AJGtlWMwrmJmTnp5UZ6qUWZ ycXF+Xl6xambGIGRcXDLb9UdjHfOiRxilOZgURLntd66x19IID2xJDU7NbUgtSi+qDQntfgQ IxMHp1QDo/4tDZONmvPee+uZvD49yXj5/i7xHA23szPM831X5BYe1j2ZOTEg4+2+bhOxXI4/ DItqVFtXcBgZyG898Pr79p+b+K/Pm/VlUuiHkpKHRipfTGJvp69+LbBf7q+PwaGuSZeaTn+s er1hwR2+jT5aD54tOZC2/Vqh70X2bcFfDm04r5vs63bob5ESS3FGoqEWc1FxIgDWRuuEWgIA AA==
Subject: Re: [apps-discuss] Looking at Webfinger
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Oct 2012 16:39:15 -0000

On 9/25/12 8:34 AM, Paul E. Jones wrote:
> On 9/11/2012 11:49 AM, John Bradley wrote:
>> Nat,
>>
>> TuCows supports SRV records at least for openSRS.   Some of there resellers may be using other things to manage DNS recodes and just using them for registration, so it would be hard to make a blanket statement.
>>
>> I think using a SRV record introduces other security issues that would have to be looked at without DNSsec.
>>
>> John B.
> I think this is true regardless. DNSSEC should be a top priority for
> anyone, really.  Otherwise, there exists the risk of having the domain
> requests hijacked.  And if one can do that, they can probably get
> certificates for the hijacked domains.
>
> Paul
>
I share the same concerns about the possibility to introduce security 
issues that would have to be looked
if we go for SRV record without DNSsec.

Having said that, what I would like to understand at this point is how 
important is to solve
the issue of domains "not able to use 3xx redirect requests"

/Salvatore

-- 
Salvatore Loreto, PhD
www.sloreto.com