Re: [dbound] DBOUND and paths forward
Gervase Markham <gerv@mozilla.org> Fri, 05 August 2016 11:16 UTC
To: "dbound@ietf.org" <dbound@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/9xtoRBbj6PelH2fO9b4Ne6oN2Ws>
Cc: Ryan Sleevi <sleevi@google.com>

Hi everyone,

I'm super-late to this thread, and it may be that I'm too late entirely, but nevertheless:

On 24/05/16 01:54, Murray S. Kucherawy wrote:
> The small pseudo design team observed that it appears as though there is
> actually only one community likely to implement our solutions in the
> short term, and that is the email community. We perceive it to be
> unlikely that a solution produced by this working group for the web
> security issue would be adopted in short order by any of the browser
> producers. They simply have not expressed a desire to contribute and
> adopt, or even concur that there's a serious problem that needs to be
> solved.

I don't think that's true. There's not an _acute_ problem that needs to be solved, but it is a reasonably serious one. The current mechanisms of both maintaining the PSL and also of shipping and querying it may not be able to scale indefinitely. The current list contains about 8,500 entries, but we had a (technically invalid, but only because the wrong person applied) request to add another 85,000 entries last week.

From a personal perspective, my lack of willingness to contribute has been about my assessment of my own abilities and (lack of) understanding of the technical space in which the fix lives, not a lack of interest in seeing an outcome.

> With that in mind, your co-chairs propose that we abandon any grand
> unified theory of domain boundary evaluation and focus only on this
> email use case. If there is a change of heart from other communities,
> or some unifying idea does appear, we can re-evaluate our options at
> that time. However, in the interests of being productive toward our
> original goals, we propose to assume that is not the case and will not
> be in the near future.

It was lack of time to read this list, not lack of desire to see a positive outcome, which led to me not fully appreciating the import of this direction change when it was originally posted.

While the PSL "works" for browsers now, it will not work forever. In a browser context, the use cases are pretty clear and if only that case were considered (rather than the "grand unified theory"), I'm sure there are a number of possible technical solutions which would work to give domain owners direct control over their boundary-setting. This group seems like the correct collection of people who could solve this problem by proposing changes to the Internet infrastructure, and I'm very sad that the current plan is not to solve it. :-|

I suspect that if it's not solved formally, it'll end up being solved informally using some half-assed definition on a wiki page somewhere of the correct magic TXT records you need to add to your DNS so that someone's crawler will notice your boundaries and automatically update some copies of some PSL-like thing somewhere.

Gerv