Re: [dbound] Fw: New Version Notification for draft-yao-dbound-dns-solution-00.txt
Casey Deccio <casey@deccio.net> Tue, 13 October 2015 16:21 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/dbound/NDJK7n_9aZpUI0dF5MFEmmFNEtY>
On Tue, Sep 29, 2015 at 5:06 AM, Jiankang Yao <yaojk@cnnic.cn> wrote:

> I submit a draft about dbound solution.
> any comments are welcome.

Thanks for the submission. I have read the draft and provide comments below.

General - One of the challenges I have in following this is with lack of use cases, including how this mechanism applies to those cases. Several concrete uses of the PSL are documented elsewhere, and those would be a starting point. It is hard to tell what this adds without those cases.

Expiration/Inception - as others have expressed, this is entirely unnecessary and simply adds complexity. Expiration and inception in DNSSEC are to prevent replay, but in this context, the issue seems to be more about convenience. The records could just be added and removed at the desired time to have the same effect.

Relation - draft-deccio-dbound-name-relationships-00 (referenced) does indeed mention two types of relationships, but the point of that distinction was to divide the problem space, not to indicate that those relationship types needed to be identified explicitly in a solution. In fact, ancestral relationships are identified simply by comparing two names--that exists inherently in the DNS (and it is noted in the referenced relationships draft). The policy relationship is what is undefined, whether two names are already ancestrally related or not. This field therefore is unnecessary and potentially problematic. How would you anticipate it being used?

Target names - the PSL is used as an example for a service location example of the Target Name field. I'm not sure exactly what that means. The PSL only indicates boundaries, not relationships. That is, it cannot confirm relationships, only repudiate them. It seems to me that perhaps this was an attempt to leverage an existing technology for backwards compatibility, but the PSL simply doesn't provide the same type of service as what I think you are trying to provide otherwise.

Administrative boundary - the term "administrative boundary" seems to take the place of "relationship" later in the text. There are subtle distinctions between boundaries and relationships. For example, there is a reference on page to knowing "whether two names A and B share the same administrative boundary". I suppose I'm still thinking of boundaries in the namespace here, in which case two names might be "policy-related", but they might not "share" boundaries. In any case it is not clear what is being referenced. Examples would be very helpful for clarity.

Regards,
Casey
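
The two points in the message above (ancestry is decided by comparing names, while a PSL-style list can only repudiate a policy relationship) are illustrated by the following added example, which is not part of the original message or of either draft. The rule set is constructed for illustration, the function names are hypothetical, and the matching is a simplified form of the Public Suffix List algorithm.

```python
# Constructed PSL-style rules (NOT the real Public Suffix List).
RULES = {"com", "uk", "co.uk", "*.ck", "!www.ck"}

def labels(name):
    return name.lower().rstrip(".").split(".")

def is_ancestor(a, b):
    """Ancestral relationship: a is a proper label-wise suffix of b."""
    la, lb = labels(a), labels(b)
    return len(la) < len(lb) and lb[-len(la):] == la

def public_suffix(name, rules=RULES):
    """Longest matching rule wins; an exception rule overrides; default is the TLD."""
    ls = labels(name)
    best = 1  # implicit "*" rule: the rightmost label is a public suffix
    for i in range(len(ls)):
        cand = ".".join(ls[i:])
        if "!" + cand in rules:
            # Exception rule: the suffix is the exception minus its leftmost label.
            return ".".join(ls[i + 1:])
        wildcard = ".".join(["*"] + ls[i + 1:])
        if cand in rules or wildcard in rules:
            best = max(best, len(ls) - i)
    return ".".join(ls[-best:])

def registrable(name, rules=RULES):
    """Public suffix plus one label, or None if the name is itself a suffix."""
    ls = labels(name)
    n = len(labels(public_suffix(name, rules)))
    return ".".join(ls[-(n + 1):]) if len(ls) > n else None

def psl_verdict(a, b, rules=RULES):
    """A boundary list can say 'repudiated'; it never says 'confirmed'."""
    ra, rb = registrable(a, rules), registrable(b, rules)
    if ra is None or rb is None or ra != rb:
        return "repudiated"
    return "not repudiated"

if __name__ == "__main__":
    pairs = [("co.uk", "example.co.uk"),           # ancestral, boundary between
             ("a.example.com", "b.example.com"),   # siblings, no boundary between
             ("a.example.co.uk", "b.other.co.uk")]
    for a, b in pairs:
        print(a, b, "ancestor:", is_ancestor(a, b), "PSL:", psl_verdict(a, b))
```

Note that the first pair is ancestrally related yet repudiated, and the second is not ancestrally related yet not repudiated: the two questions are independent, and "not repudiated" is not an assertion that the names share policy.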