IETF Logo Mail Archive

Re: [dbound] BoF request for IETF 115

Tim Wicinski <tjw.ietf@gmail.com> Thu, 22 December 2022 07:24 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B091C14CE25 for <dbound@ietfa.amsl.com>; Wed, 21 Dec 2022 23:24:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4IHYIFupjHhJ for <dbound@ietfa.amsl.com>; Wed, 21 Dec 2022 23:24:08 -0800 (PST)
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5884C14CF0E for <dbound@ietf.org>; Wed, 21 Dec 2022 23:24:08 -0800 (PST)
Received: by mail-ej1-x62b.google.com with SMTP id qk9so2905100ejc.3 for <dbound@ietf.org>; Wed, 21 Dec 2022 23:24:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5RHGQ/j9FqodqxRnDYaiByZte7xN3BEDkjCSYHsb430=; b=nFGBCIx0VL+oURpfKTFthxOX6yBVdQZWRgXOFWrMjcDgnrQE0M4goDhBGxdf/Fs5gZ 6HjrE2c+LXzhIN0001vFPAGDeIpLzi/810Ayoun3MoakBC+SV73kIM94GDTKt4eYJu+R 0n4J/iPvSoBtzx45D2dtkXV8IikOvzGxfq3a+M8uHm5kn8XUiEJA8Cvw+ilXxmxSvkYO jzhHjkNPGhbYJACoP2c5aQPtfPbZ6XzrW975oAjRf2FbD5XbqWfasxxeO529rS3PArns Khn35XxzyEWO9DC3TxfB78rlY3CnYly8ASltXNUQ7/EBXYWAv2AAgaFH9uSFQrGfn9Bw 1PBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5RHGQ/j9FqodqxRnDYaiByZte7xN3BEDkjCSYHsb430=; b=j+/pMcWwbM/r9YYOY2X+UtuQESkWK8NeTuYwCQ1+8JsnKPufdHBwCbJvX+KMkzzBgi HB4LSJ8hYC/OZwSNNnAqjga/N7jKkkRIqJojBRiubWhz/3Ydqndu0/mqnbd0uRbbG98M gCxBjfE6aMe9fL6h+EhfKEozqFibnO+yTIlpP6AGMD/tkUqKqdVs2OESAELYsrzXZf+W c14SEMg6iWdTrKCBo++JKPtEzkrDQQTi93xTy1qFeafqyZyiWCDgFpjf1hKsD5c8rGLt INE+RShNS5PPboTzafk/cAx+aFnqf1XEMIxRgRM9s9S/HMwKQ2IF8lFIuXsQQ5NuRX8I vIYA==
X-Gm-Message-State: AFqh2kozs6yczSieKls/kWDdSXamN3Ew3irkQ7yNEr3Pd+lEAWogDED8 yfB9S8/4yHI7Mv3FyLDLle3di+C766f1vfOx28dMCvumjl0=
X-Google-Smtp-Source: AMrXdXsbcb2jecUXidPFKKaJvAANFD0jm7UMi5xkBsa9EnSqOqFCUQiid7U/6MVIjMO+/SuZfVEULZYIsTHnRweiTr8=
X-Received: by 2002:a17:906:268f:b0:82e:a03c:3960 with SMTP id t15-20020a170906268f00b0082ea03c3960mr247133ejc.359.1671693846660; Wed, 21 Dec 2022 23:24:06 -0800 (PST)
MIME-Version: 1.0
References: <CAL0qLwaePPropS=uijZ5iu5xJN=4PabY-F_hCG-MQ68+dwX3Bw@mail.gmail.com> <20221221185656.AD56856D7051@ary.qy> <7B0AA07F-29DD-4834-A32C-C3E48E181CBA@amazon.com> <c52ade51-b30d-ff5c-2f6b-800227452978@taugh.com> <0E589D51-AB3C-4E8A-8F57-33FFD579B31E@amazon.com>
In-Reply-To: <0E589D51-AB3C-4E8A-8F57-33FFD579B31E@amazon.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Thu, 22 Dec 2022 02:23:53 -0500
Message-ID: <CADyWQ+H6kiktTMKE4CHu+YzZ=0FbtK3dR_myc+ZhsrUwWFMrVg@mail.gmail.com>
To: "Vixie, Paul" <upavixie=40amazon.com@dmarc.ietf.org>
Cc: John R Levine <johnl@taugh.com>, "dbound@ietf.org" <dbound@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e7487e05f0658d18"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/6K2E-ko-ofZKYETiY7I3FfcA2-U>
Subject: Re: [dbound] BoF request for IETF 115
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Dec 2022 07:24:12 -0000

On Thu, Dec 22, 2022 at 12:38 AM Vixie, Paul <upavixie=
40amazon.com@dmarc.ietf.org> wrote:

> See inline.
>
> --
> Paul Vixie
> VP & Distinguished Engineer
>
> -----Original Message-----
> From: John R Levine <johnl@taugh.com>
> Date: Wednesday, December 21, 2022 at 19:12
>
>     ... Take another look at my draft.  If we expect each TLD to publish
> its own
>     dbound records, it's not practical to extract them mechanically from
> the
>     zone.
>
> I will take another look. I think that the aggregator (someone like the
> PSL team is today) who wants complete coverage ("to be relevant and
> successful") will have to invite people to enter things into some kind of
> corpus (via web site, API, whatever). Today ("the PSL") they supply a
> record. In a post-DBound world I expect they will supply a domain name.
> These domain names will drive a mechanical extraction process whereby the
> actual data is found (or not) in the DNS itself. Only aggregators (like the
> PSL team is now) and their audiences will care about this.
>

Yes, I totally agree.  And if the data ends up in an IANA registry, the
process would still be the same in my mind.

>
>     ... I suppose I coould tweak it and put in some links to make the lower
>     level records easier to find, but that's one of those things that
> doesn't
>     exist yet that I referred to.
>
>     I think Casey's design has the same problem.
>
> I think that would be a mistake. Putting the data into the DNS itself
> makes it possible to look it up in real time (similar to how ASN
> information is looked up in real time by https://github.com/dnsdb/dnsdbq).
> Aggregation would be a valuable second use case but the aggregator will
> have its own way to know (see above) what periodic real-time lookups to
> make.
>
> I think there is no way to reach consensus on a high quality way to
> directly support aggregation. So we just have to improve that aggregation
> over how things work today in order to drastically reduce the work load for
> teams like PSL and drastically improve the capabilities for
> non-aggregation-based work flows.
>
>
And to Paul V's point on ketchupping,  I am making the assumption that if
you own "fancy.cloud", you are looking to say "NS records for
super.fancy.cloud are not ours."   (creating real examples of DNS records
clarifies things for me).

Also, I was reviewing the original problem statement


https://datatracker.ietf.org/doc/html/draft-sullivan-dbound-problem-statement-02

and this paragraph was what I was

   What appears to be needed is a mechanism to determine policy realm
   boundaries in the DNS.  That is, given two domain names, one needs to
   be able to answer whether the first and the second are either within
   the same policy realm or have policy realms that are related in some
   way.  We may suppose that, if this information were to be available,
   it would be possible to make useful decisions based on the
   information.


This was the situation I was thinking of.


tim





> _______________________________________________
> dbound mailing list
> dbound@ietf.org
> https://www.ietf.org/mailman/listinfo/dbound
>

v2.23.0 | Report a Bug | By Email