Re: [dbound] [EXTERNAL] Re: RDBD 01 Comments

"Brotman, Alexander" <Alexander_Brotman@comcast.com> Fri, 22 March 2019 13:01 UTC

Return-Path: <Alexander_Brotman@comcast.com>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D0A1126D00 for <dbound@ietfa.amsl.com>; Fri, 22 Mar 2019 06:01:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hNZCVGNbrgP1 for <dbound@ietfa.amsl.com>; Fri, 22 Mar 2019 06:01:57 -0700 (PDT)
Received: from copdcmhout02.cable.comcast.com (copdcmhout02.cable.comcast.com [96.114.158.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED01A12787F for <dbound@ietf.org>; Fri, 22 Mar 2019 06:01:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=comcast.com; s=20190220p; c=relaxed/simple; q=dns/txt; i=@comcast.com; t=1553259716; x=2417173316; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=JGZS9uAXTZethP0DfKRhYfJp+csofSeNrTV97ihydXQ=; b=DkQpEVKr4lzx9Z+kPHs4msE62UBkmjzDBBVqSN96Q1aB1TsY7UKYrLJ+B2YbY72W AV2djksxM92T7FXBklRbPEkEAF+DSdqS0J/cJZ4eKfnMjf2EZhEOndwaLsrbmR7Y LhoJ1QD0JfSsshUyKSLHNGoQdffqrE4niSWpuldFuKc8O7402hkR5IU64ZRZDMS0 j/OydXhK5x0McTHpR9PezqaHwLTZTrmRQQPO7ANws6XJJOlz2CYojn9kCYvD0AJH 35QirFTfh89VDZI7L3t2kA5nqpbnmcKFtbmeZFWMsNVRIMWzNT7MPJkLKgI2vjky dIoRFCCFIjbOXlXYdw5j6r5Jh7+/4mIg3N3RcEsovyoysQNE7Ezp9W8GPdtrDavh 27MGoEi8mrbQXH/YDQVYCOjaKrybeMBYbhhb5H0duEKQS9Z1syzN+n70jm9p01gw agoo08k27F+kQOZnnTMjzRDFTUgGBPi41xdpPByjVTlPaAVkaC2JmNpy1UO1lFkf 6EObzpENwGMDyG/ZIA2wzT1a7VPtYdMg9MMKxQyeG2EMtD0mPTQikdCzaIqqTQKF dx/cvDJwbWXqViOpqFxsh1D0Ui1ydVmMbTcJBUbJQZORSUAQgIttPjKHjX4WhDgT Sp9i+y4bLQwUKpQ0H8h8mosYHMD6kPk/MIYWetN59pk=;
X-AuditID: 60729ed4-2e5ff700000044dc-0f-5c94dcc4d8ee
Received: from COPDCEX21.cable.comcast.com (copdcmhoutvip.cable.comcast.com [96.114.156.147]) (using TLS with cipher AES256-SHA256 (256/256 bits)) (Client did not present a certificate) by copdcmhout02.cable.comcast.com (SMTP Gateway) with SMTP id 72.4F.17628.4CCD49C5; Fri, 22 Mar 2019 07:01:56 -0600 (MDT)
Received: from COPDCEX19.cable.comcast.com (147.191.124.150) by COPDCEX21.cable.comcast.com (147.191.124.152) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 22 Mar 2019 07:01:55 -0600
Received: from COPDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8380]) by COPDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8380%19]) with mapi id 15.00.1473.003; Fri, 22 Mar 2019 07:01:54 -0600
From: "Brotman, Alexander" <Alexander_Brotman@comcast.com>
To: John Levine <johnl@taugh.com>, "dbound@ietf.org" <dbound@ietf.org>
Thread-Topic: [EXTERNAL] Re: [dbound] RDBD 01 Comments
Thread-Index: AdTfFlvTuXmSYIHhSdCCV6bGLR7WHwAYy7GAAEyfGvA=
Date: Fri, 22 Mar 2019 13:01:54 +0000
Message-ID: <69eefc3fb8244b529ba9dcfea6c01489@COPDCEX19.cable.comcast.com>
References: <ac159edaa05641ffa59e7358209ea0a4@COPDCEX19.cable.comcast.com> <20190320180341.9885A20104BD45@ary.qy>
In-Reply-To: <20190320180341.9885A20104BD45@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [68.87.29.9]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Forward
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/2_cHyTlvArMArtKgJALzOV6JpeA>
Subject: Re: [dbound] [EXTERNAL] Re: RDBD 01 Comments
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2019 13:01:59 -0000

The original intent was to provide a bit more of a hurdle to falsifying responses.  I didn't think we could realistically rely on DNSSEC as a requirement (I'm imagining a situation where we have DNSSEC, and someone goes off to Route53 to host a domain where DNSSEC is not supported last I knew), so was hoping this would provide a bit more of a loose assurance that this relationship is intentional.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

> -----Original Message-----
> From: John Levine <johnl@taugh.com>
> Sent: Wednesday, March 20, 2019 2:04 PM
> To: dbound@ietf.org
> Cc: Brotman, Alexander <Alexander_Brotman@cable.comcast.com>
> Subject: [EXTERNAL] Re: [dbound] RDBD 01 Comments
> 
> In article
> <ac159edaa05641ffa59e7358209ea0a4@COPDCEX19.cable.comcast.com> you
> write:
> >Hello folks,
> >
> >Stephen and I are still looking for additional comments on the newer
> >revision of RDBD [1].  We'd really like to work with everyone to move
> >this forward if possible.  Additionally, he and I should both be in Prague next
> >week if you'd like to have some in-person discussions.
> >
> >Thank you for your time
> >
> >[1] https://tools.ietf.org/html/draft-brotman-rdbd-01
> 
> Hm.  I see that instead of DKIM-like signatures, now it's DNSSEC-like
> signatures.
> 
> But I still have the same question: what advantage does all of this crypto stuff
> provide compared to a much simpler design where the two domains just
> have records that point at each other, like a cut down version of Andrew's
> SOPA?
> 
> One difference is that you can't tell by looking at the primary/relating domain
> what its secondary/related domains are.  I can't tell if that's a bug or a
> feature.
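The two designs compared in this exchange, written out as an added example that is not part of the original message or of the RDBD draft. Record names (`_relationship`, `_relkey`), the `v=REL1` tag, the key/sig fields and the Ed25519 choice are all assumptions made for illustration; the draft's actual record format is not reproduced here. The resolver is an in-memory map of constructed TXT records, so nothing is authenticated, which is the no-DNSSEC situation under discussion. `MutualPointer` is the "two domains point at each other" design; `SignedAssertion` is the signed design, where the primary publishes only a key and the secondary publishes a signed assertion, so nothing under the primary names its secondaries. The attacker domain copies the honest secondary's record, signature included, to show what the signature over both names buys and what it does not.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Resolver stands in for DNS TXT lookups (name -> TXT strings). A plain map
// means nothing here is authenticated, i.e. DNS without DNSSEC.
type Resolver map[string][]string

// parseKV splits "k=v; k2=v2" TXT content into a map.
func parseKV(txt string) map[string]string {
	out := map[string]string{}
	for _, part := range strings.Split(txt, ";") {
		kv := strings.SplitN(strings.TrimSpace(part), "=", 2)
		if len(kv) == 2 {
			out[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	return out
}

// lookup returns the parsed records under name tagged v=REL1 (assumed tag).
func lookup(r Resolver, name string) []map[string]string {
	var recs []map[string]string
	for _, txt := range r[name] {
		if kv := parseKV(txt); kv["v"] == "REL1" {
			recs = append(recs, kv)
		}
	}
	return recs
}

// MutualPointer: the primary lists the secondary AND the secondary names the
// primary. Both records are unauthenticated DNS answers.
func MutualPointer(r Resolver, primary, secondary string) bool {
	primaryLists, secondaryPoints := false, false
	for _, kv := range lookup(r, "_relationship."+primary) {
		primaryLists = primaryLists || kv["related"] == secondary
	}
	for _, kv := range lookup(r, "_relationship."+secondary) {
		secondaryPoints = secondaryPoints || kv["relating"] == primary
	}
	return primaryLists && secondaryPoints
}

// assertion is what the primary signs. It binds BOTH names, so a signature
// issued for one secondary cannot be replayed under another name.
func assertion(primary, secondary string) []byte {
	return []byte("REL1|relating=" + primary + "|related=" + secondary)
}

// SignAssertion is run by the primary's operator; the output goes into the
// secondary's record as sig=.
func SignAssertion(priv ed25519.PrivateKey, primary, secondary string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, assertion(primary, secondary)))
}

// SignedAssertion: fetch the primary's public key, then accept the secondary's
// record only if its signature verifies over the (primary, secondary) pair the
// caller asked about, never over names taken from the record itself.
func SignedAssertion(r Resolver, primary, secondary string) error {
	var pub ed25519.PublicKey
	for _, kv := range lookup(r, "_relkey."+primary) {
		raw, err := base64.StdEncoding.DecodeString(kv["p"])
		if kv["k"] == "ed25519" && err == nil && len(raw) == ed25519.PublicKeySize {
			pub = ed25519.PublicKey(raw)
		}
	}
	if pub == nil {
		return errors.New("no usable key record under primary")
	}
	for _, kv := range lookup(r, "_relationship."+secondary) {
		sig, err := base64.StdEncoding.DecodeString(kv["sig"])
		if kv["relating"] == primary && err == nil && ed25519.Verify(pub, assertion(primary, secondary), sig) {
			return nil
		}
	}
	return errors.New("no relationship record with a valid signature")
}

// BuildExampleZone constructs sample records (constructed data, not real
// zones): example.com relates to example.net; attacker.test copies
// example.net's record verbatim, signature included.
func BuildExampleZone(pub ed25519.PublicKey, priv ed25519.PrivateKey) Resolver {
	sig := SignAssertion(priv, "example.com", "example.net")
	return Resolver{
		"_relationship.example.com":   {"v=REL1; related=example.net"},
		"_relationship.example.net":   {"v=REL1; relating=example.com; sig=" + sig},
		"_relkey.example.com":         {"v=REL1; k=ed25519; p=" + base64.StdEncoding.EncodeToString(pub)},
		"_relationship.attacker.test": {"v=REL1; relating=example.com; sig=" + sig},
	}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	r := BuildExampleZone(pub, priv)
	for _, sec := range []string{"example.net", "attacker.test"} {
		fmt.Printf("%-14s mutual=%v signed=%v\n", sec,
			MutualPointer(r, "example.com", sec), SignedAssertion(r, "example.com", sec) == nil)
	}
}
```

The copied record fails both checks, but for different reasons: the mutual-pointer design fails because example.com does not list attacker.test, which an attacker who can spoof answers for example.com could fix by spoofing that one record; the signed design fails because the signature covers the secondary's name, so a valid record cannot be reused under another domain without the primary's private key. Neither design resists an attacker who can spoof the primary's key record as well, which is why the assurance without DNSSEC is described above as loose.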