Re: [dbound] [art] Related Domains By DNS (RDBD) Draft

"John R Levine" <johnl@taugh.com> Tue, 26 February 2019 15:26 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57121128CB7 for <dbound@ietfa.amsl.com>; Tue, 26 Feb 2019 07:26:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=BwdHkGk6; dkim=pass (1536-bit key) header.d=taugh.com header.b=HrzZxQSF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ieL7dDtw2GQs for <dbound@ietfa.amsl.com>; Tue, 26 Feb 2019 07:26:15 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32368130E69 for <dbound@ietf.org>; Tue, 26 Feb 2019 07:26:14 -0800 (PST)
Received: (qmail 7356 invoked by uid 100); 26 Feb 2019 15:26:12 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=1cba.5c755a94.k1902; i=johnl@user.iecc.com; bh=r/vUH/coqTsWjQby9TZ7EAD3PlRJVqWX1kz92x1RvIo=; b=BwdHkGk6ZvLAUZrPd+UyKDbg3FBhWjOtHDcfa87eZzCbYauM3tEktU0VihKhvr27tSw5wKcyNKl3VccgQaGLIIJzqK1AV4Mt1Q7s0aBuGlHhwCAWAUcjliWBmI/AUt4z3vBcmgORQ0eALl6kJZUHct8MetLhuYpRwdbvhmDCGQXn9h1+KtxecSMJvf3gWixFNoIaOXV/JfzND6zlQbRk83JLuayOl26C2ZEtMHy2VFV1T13xb5UCBkH6uYhjQE2p
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=1cba.5c755a94.k1902; olt=johnl@user.iecc.com; bh=r/vUH/coqTsWjQby9TZ7EAD3PlRJVqWX1kz92x1RvIo=; b=HrzZxQSFiRhZ3ncPZS1zeFOaCnSbkOqZqSa1uBcPDCwcAb8QaXmlIOmkmUYlI9KcaxVKEL+2B1KmBfCOp/Ds/sCu+lyWpQHv77ByQI73BJUMj1twVv9YsgD8CjiV9oBHaGV/O/gT+Z3NuD+zNgsKXYxBartrhATXVM3JW5/OfAOgsR00xifKTzjBsO93v8Nzcxm5nFYCEsRne5BYFzW5KQilYmMPG9SiSUoHOrRAqnQOhSoqv8qiwNniskgZWd6c
Date: 26 Feb 2019 10:26:12 -0500
Message-ID: <alpine.BSF.2.21.9999.1902261021210.6114@gal.iecc.com>
From: "John R Levine" <johnl@taugh.com>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Cc: dbound@ietf.org, Alexander_Brotman@comcast.com
In-Reply-To: <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie>
References: <20190226032027.B52BE200EC0B38@ary.local> <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie>
User-Agent: Alpine 2.21.9999 (BSF 287 2018-06-16)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/PON1ipCbK_ea67fbyvhUzSfj5og>
Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Feb 2019 15:26:18 -0000

> Main differences I see are:
> - RDBD has DKIM-like signatures (so a bit of computational
>  complexity)

It does, but they don't prove anything that you wouldn't already know if 
you can look stuff up in the DNS.

SOPA was inanely overcomplicated (apparently due to the demands of an IESG 
member who didn't understand the problem).  So if you want to do this, 
here's what I'd do.

We have a new record type, call it SAME.  Each SAME record has a flag for 
parent/child and a domain name.  So if foo.com wants to say it's the same 
as foo-bar.org:

foo.com. SAME 1 foo-bar.org.

foo-bar.org. SAME 0 foo.com.

If foo.com wants to claim many other domains, it can publish as many SAME 
records as it needs to.

If new RRs are too scary, you can do it with a txt record and a prefix:

_same.foo.com TXT "v=same 1 foo-bar.org"

_same.foo-bar.org TXT "v=same 0 foo.com"

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
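An added example, not part of John Levine's message or of any dbound/RDBD draft: a small verifier for the `_same.<domain>` TXT convention sketched above. The DNS answers are a constructed in-memory table rather than real lookups, and the acceptance rule (both domains must publish a record naming the other, with one side flagged 1 and the other 0) is this example's own interpretation of the flag, since the message does not spell out the semantics. The point it makes is the one a verifier needs: a unilateral record at `_same.evil.example` claiming kinship with `foo.com` proves nothing unless `foo.com` also names `evil.example`.

```python
"""Verify mutual _same.<domain> TXT assertions (toy, offline).

Record syntax follows the sketch above: "v=same <flag> <domain>" where the
flag is 1 or 0.  Everything below that goes beyond that sketch (the DNS
table, the mutual-assertion rule, the complementary-flag rule) is an
assumption of this example, not something the message specifies.
"""
import re

# Constructed stand-in for DNS: owner name -> list of TXT strings.
FAKE_DNS = {
    "_same.foo.com.": ["v=same 1 foo-bar.org", "v=same 1 foo-baz.net"],
    "_same.foo-bar.org.": ["v=same 0 foo.com"],
    "_same.foo-baz.net.": [],                       # never answers back
    "_same.evil.example.": ["v=same 0 foo.com"],    # one-sided claim
    "_same.x.example.": ["v=same 1 y.example"],     # both say "1": reject
    "_same.y.example.": ["v=same 1 x.example"],
    "_same.junk.example.": ["v=same 2 foo.com", "v=other 1 foo.com", "v=same 1"],
}

SAME_RE = re.compile(r"^v=same\s+([01])\s+([A-Za-z0-9.-]+)$")


def normalize(name):
    """Lowercase and add a trailing dot so 'foo.com' and 'foo.com.' compare equal."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def parse_same_txt(txt):
    """Return (flag, domain) for a well-formed record, or None if it is malformed."""
    m = SAME_RE.match(txt.strip())
    if not m:
        return None
    return int(m.group(1)), normalize(m.group(2))


def lookup_same(domain, dns=FAKE_DNS):
    """All well-formed (flag, domain) assertions published at _same.<domain>."""
    records = dns.get("_same." + normalize(domain), [])
    parsed = (parse_same_txt(txt) for txt in records)
    return [p for p in parsed if p is not None]


def related(a, b, dns=FAKE_DNS):
    """True only if a names b AND b names a, with one flag 1 and the other 0.

    Requiring both sides is what stops a third party from simply asserting a
    relation to a domain it does not control.
    """
    a, b = normalize(a), normalize(b)
    a_claims = {dom: flag for flag, dom in lookup_same(a, dns)}
    b_claims = {dom: flag for flag, dom in lookup_same(b, dns)}
    if b not in a_claims or a not in b_claims:
        return False
    return a_claims[b] != b_claims[a]


if __name__ == "__main__":
    for pair in [("foo.com", "foo-bar.org"), ("foo.com", "foo-baz.net"),
                 ("evil.example", "foo.com"), ("x.example", "y.example")]:
        print(pair, "->", related(*pair))
```

A real deployment would replace `FAKE_DNS` with TXT queries, and it is worth noting that with plain DNS the verifier still trusts the resolver path; DNSSEC validation of both answers is what would make the mutual assertion hard to spoof.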