Re: [dbound] draft-brotman-rdbd

"John R. Levine" <> Sun, 31 March 2019 22:29 UTC

Date: 31 Mar 2019 18:29:36 -0400
Message-ID: <alpine.OSX.2.21.1903311818070.8860@ary.qy>
From: "John R. Levine" <>
To: "A. Schulze" <>

> 1.
>> We include an optional digital signature mechanism...
> why optional? without any signature wouldn't it be possible for any third party to express any relationship?

Don't really understand this question, but see my prior messages about the 
threat model.  I have yet to understand what problem the signatures solve, 
that couldn't be addressed more simply by putting records at the relating 
and related domains that point at each other.

>> RDBD is intended to demonstrate a relationship between registered domains, not individual hostnames.
> where is the border? May publicsuffixlist help define them?

Presumably one would use the PSL to find the appropriate places to look.

> 2.1 / 2.2
> as the zone apex is likely to be overloaded today, defining something like _drbd.example covering RDBDKEY and RDBD data comes to mind.

Since the records have new rrtypes, I don't understand what you mean by 
"overloaded".  Underscore prefixes are mostly for TXT records and these 
are not TXT records.

John Levine, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail.
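
The alternative raised in this reply, records at the relating and related domains that point at each other, with the PSL used to find where to look, can be illustrated as follows. This is an added example, not part of the original message or of the draft; the suffix set, the zone data, the record contents and all function names are constructed assumptions, and the suffix matching ignores the real PSL's wildcard and exception rules.

```python
# Constructed data: a tiny stand-in for the Public Suffix List and for DNS.
# Record contents are hypothetical; the page does not define a record format.
PUBLIC_SUFFIXES = {"com", "example", "co.uk"}

# owner name -> set of domains that owner claims a relationship with
ZONE_DATA = {
    "brand.com": {"brand.co.uk", "shop.example"},
    "brand.co.uk": {"brand.com"},
    "evil.example": {"brand.com"},  # unilateral third-party claim
    # shop.example publishes nothing
}


def registered_domain(name, suffixes=PUBLIC_SUFFIXES):
    """Reduce a hostname to public suffix plus one label (longest suffix wins)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in suffixes:
            if i == 0:
                raise ValueError(f"{name!r} is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix for {name!r}")


def lookup(name, zone=ZONE_DATA):
    """Hypothetical resolver: relationship records published at `name`."""
    return zone.get(name, set())


def relationship(a, b, zone=ZONE_DATA):
    """Classify the a/b relationship by which side publishes a pointer."""
    a, b = registered_domain(a), registered_domain(b)
    a_claims = b in lookup(a, zone)
    b_claims = a in lookup(b, zone)
    if a_claims and b_claims:
        return "mutual"      # both registered domains point at each other
    if a_claims or b_claims:
        return "one-sided"   # a claim the other party has not confirmed
    return "none"


if __name__ == "__main__":
    for pair in [("www.brand.com", "mail.brand.co.uk"),
                 ("evil.example", "brand.com"),
                 ("brand.co.uk", "shop.example")]:
        print(pair, "->", relationship(*pair))
```

A verifier that accepts only "mutual" treats a relationship asserted by one party alone as unconfirmed, without any signature check.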