Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft

Ted Lemon <mellon@fugue.com> Wed, 27 February 2019 18:38 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <CF78A911-D3BD-47C0-B25D-CCD359FFCC5B@fugue.com>
Date: Wed, 27 Feb 2019 13:38:46 -0500
In-Reply-To: <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie>
Cc: Paul Wouters <paul@nohats.ca>, "Brotman, Alexander" <Alexander_Brotman@comcast.com>, "art@ietf.org" <art@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dbound@ietf.org" <dbound@ietf.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> <alpine.LRH.2.21.1902270920580.8896@bofh.nohats.ca> <alpine.LRH.2.21.1902271037500.21061@bofh.nohats.ca> <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/JtzSnvdUNGLhCCjOSiq3vonoSQU>
List-Id: DNS tree bounds <dbound.ietf.org>

On Feb 27, 2019, at 10:57 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> Yep. After both domains have DNSSEC, then this could all be
> simpler. Before they do, there may be value in the sigs though
> see John's simplification suggestion at [1].

If they don’t have DNSSEC, what’s the point of saying the domains are related anyway? What are the security properties of such an assertion when the content of the zones can’t be validated?