Re: [dbound] [UNVERIFIED SENDER] Re: BoF request for IETF 115

"Vixie, Paul" <upavixie@amazon.com> Thu, 22 December 2022 22:08 UTC

From: "Vixie, Paul" <upavixie@amazon.com>
To: John R Levine <johnl@taugh.com>
CC: "dbound@ietf.org" <dbound@ietf.org>
Date: Thu, 22 Dec 2022 22:08:40 +0000
Message-ID: <BAF66F10-718A-4B8B-8C5E-A01A8F57D10C@amazon.com>
References: <CAL0qLwaePPropS=uijZ5iu5xJN=4PabY-F_hCG-MQ68+dwX3Bw@mail.gmail.com> <20221221185656.AD56856D7051@ary.qy> <7B0AA07F-29DD-4834-A32C-C3E48E181CBA@amazon.com> <c52ade51-b30d-ff5c-2f6b-800227452978@taugh.com> <CADyWQ+FcbfNTEB0LpZEriwUw1JC6ropFVrFEomGi0Q-2vMtJsg@mail.gmail.com> <52da7db1-530e-fa42-a6f4-c6ec055adafb@taugh.com> <C147CF80-4753-48AB-8091-4120DA640F78@amazon.com> <CADyWQ+EP_J7bgNdJ4KOPawJvOOrsgv0gH888XFRw0DwvQqaudA@mail.gmail.com> <c50304af-8055-b4cb-4e1a-eb8bcd325d14@taugh.com>
In-Reply-To: <c50304af-8055-b4cb-4e1a-eb8bcd325d14@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/5yXCUVMwYwQyJiEAJhO9v9i-r0k>
Subject: Re: [dbound] [UNVERIFIED SENDER] Re: BoF request for IETF 115

You are right. See inline.

-- 
Paul Vixie
VP & Distinguished Engineer

-----Original Message-----
From: John R Levine <johnl@taugh.com>
Date: Thursday, December 22, 2022 at 10:19

    >> I think similarity in the SOA RNAME, or the content of an apex RP RR (*),
    >> could be used by zone administrators who wanted that level of
    >> organizational transparency. ...

    It seems like you're assuming the org boundaries match zone cuts.

You're right, I was, and that's silly.

    Sometimes they do, but often they do not.  For example, there are PSL
    entries like *.compute.amazonaws.com where the stuff below is mostly or
    entirely in a zone at AWS.

As you know, we could create zone cuts if we had to, but let's call it a silly idea and move on.

    If you don't assume it's zone cuts, as far as I can tell that means you're
    back to trying to enumerate all of the DNS, and good luck with that.

    This really is a hard problem.

Here "this" refers to the ability to (as an example) let google.com set a cookie which would be sent to gmail.com. I agree that it's a hard problem. If someone wants to work on that problem in the IETF, I have yet to see evidence of that interest. The coalition of the willing that I hope we can isolate for this WG is narrowly just the thing Tim quoted out of the earlier charter:

   What appears to be needed is a mechanism to determine policy realm
   boundaries in the DNS.  That is, given two domain names, one needs to
   be able to answer whether the first and the second are either within
   the same policy realm or have policy realms that are related in some
   way.  We may suppose that, if this information were to be available,
   it would be possible to make useful decisions based on the
   information.

(https://datatracker.ietf.org/doc/html/draft-sullivan-dbound-problem-statement-02)
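The exchange above turns on the difference between a "policy realm" boundary (what the Public Suffix List encodes) and a DNS zone cut. The following is an added example, not code from the dbound thread or from any PSL implementation: a minimal matcher for the PSL rule algorithm (longest matching rule wins, an exception rule beats everything, the implicit "*" rule makes a bare TLD a suffix) run over a constructed five-rule excerpt, plus a constructed table of zone apexes standing in for what SOA/NS lookups would reveal. With those assumptions it shows that two EC2 hostnames under *.compute.amazonaws.com are separate realms although they live in one AWS zone, and that google.com and gmail.com are separate realms under any zone- or suffix-based rule, which is exactly the case the message calls a hard problem.

```python
# Added example (not from the dbound thread): a minimal Public Suffix List
# matcher, used to show that the "policy realm" boundary the PSL encodes is
# not the same thing as a DNS zone cut.
from typing import List, Optional

# Constructed excerpt in PSL syntax; the real list is at https://publicsuffix.org/list/
RULES_TEXT = """
// constructed excerpt for illustration only
com
co.uk
*.compute.amazonaws.com
*.ck
!www.ck
"""

# Constructed (hypothetical) set of zone apexes, standing in for what SOA/NS
# lookups would reveal. Fixed here so the example runs offline.
ZONE_APEXES = {"com", "amazonaws.com", "compute.amazonaws.com", "google.com", "gmail.com"}


def parse_rules(text: str) -> List[str]:
    """Return the non-comment, non-blank PSL rules, lower-cased."""
    rules = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("//"):
            rules.append(line)
    return rules


RULES = parse_rules(RULES_TEXT)


def _labels(name: str) -> List[str]:
    return name.lower().rstrip(".").split(".")


def _matches(rule_labels: List[str], domain_labels: List[str]) -> bool:
    """A rule matches when, compared right-to-left, every rule label equals
    the corresponding domain label or is the wildcard '*'."""
    if len(rule_labels) > len(domain_labels):
        return False
    return all(r == "*" or r == d
               for r, d in zip(reversed(rule_labels), reversed(domain_labels)))


def public_suffix(domain: str, rules: List[str] = RULES) -> str:
    """Public suffix of `domain` under the PSL algorithm."""
    labels = _labels(domain)
    best_len = 0
    for rule in rules:
        exception = rule.startswith("!")
        rl = rule.lstrip("!").split(".")
        if not _matches(rl, labels):
            continue
        if exception:
            # An exception rule always wins; the public suffix is the rule
            # with its leftmost label removed.
            n = len(rl) - 1
            return ".".join(labels[len(labels) - n:])
        best_len = max(best_len, len(rl))
    # No explicit rule matched: the implicit "*" rule makes the TLD the suffix.
    n = best_len or 1
    return ".".join(labels[len(labels) - n:])


def registrable_domain(domain: str, rules: List[str] = RULES) -> Optional[str]:
    """Public suffix plus one label, or None if the name is itself a suffix."""
    labels = _labels(domain)
    n = len(_labels(public_suffix(domain, rules))) + 1
    if len(labels) < n:
        return None
    return ".".join(labels[len(labels) - n:])


def same_realm(a: str, b: str, rules: List[str] = RULES) -> bool:
    """The 'given two names, are they in one policy realm' question, answered
    the way browsers answer it today: equal registrable domains."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb


def enclosing_zone(name: str, apexes=ZONE_APEXES) -> Optional[str]:
    """Longest apex in the constructed table that is a suffix of `name`."""
    labels = _labels(name)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in apexes:
            return candidate
    return None


if __name__ == "__main__":
    ec2a = "ec2-1-2-3-4.us-east-1.compute.amazonaws.com"
    ec2b = "ec2-5-6-7-8.us-east-1.compute.amazonaws.com"
    print("zone:", enclosing_zone(ec2a), " realm:", registrable_domain(ec2a))
    print("two EC2 hosts, same zone, same realm?", same_realm(ec2a, ec2b))
    print("google.com / gmail.com same realm?", same_realm("www.google.com", "gmail.com"))
```

The EC2 case is the one John raises: the zone cut sits at compute.amazonaws.com while the PSL places the realm boundary one label below each region, so no walk up the DNS tree from the hostname lands on the boundary. The google.com / gmail.com case is the opposite failure: separate zones and separate registrable domains, so nothing in either the tree or the list relates them.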