Re: [dbound] draft-brotman-rdbd

"John R. Levine" <johnl@iecc.com> Mon, 01 April 2019 02:14 UTC

Date: 31 Mar 2019 22:14:19 -0400
Message-ID: <alpine.OSX.2.21.1903312212440.10050@ary.qy>
From: "John R. Levine" <johnl@iecc.com>
To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
Cc: dbound@ietf.org
In-Reply-To: <6b13a06f-ece2-d1c5-83b9-cfa0a30914f3@cs.tcd.ie>
References: <f6862326-40e1-d804-cefe-e63c79a0534d@andreasschulze.de> <alpine.OSX.2.21.1903311818070.8860@ary.qy> <26d0eebb-1086-2f2c-056a-ba10dc9e6ac9@cs.tcd.ie> <alpine.OSX.2.21.1903312059110.9650@ary.qy> <dd05deff-b7d4-b605-0c25-d401a7858ff7@cs.tcd.ie> <alpine.OSX.2.21.1903312150240.9966@ary.qy> <6b13a06f-ece2-d1c5-83b9-cfa0a30914f3@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/QQxrE9Gbedf4AbpPUEhop2ckMQ8>
Subject: Re: [dbound] draft-brotman-rdbd
List-Id: DNS tree bounds <dbound.ietf.org>

PS:

>> For one thing, DKIM associates a key in the DNS with signatures in
>> messages.  The DKIM key is public but the message isn't.  In this
>> design, both ends are in the DNS and both are public.
>
> That makes no difference here that I can see. How does an RDBD
> signature become worse because the signature bits are public?

It doesn't, but since you can inspect DNS records pointing both ways, the 
signature buys you nothing of value.  If you can believe the signature 
record has integrity because whatever, you can believe the same thing 
about a much simpler pointer record.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
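The point argued in the message above, that a signature whose key and whose signature bits both come out of the DNS cannot give a verifier more than the DNS answers themselves already give, can be checked in a small model. The following Go program is an added example written for this page; it is not code from draft-brotman-rdbd or from either correspondent, and the record layouts (`_rdbd.` owner names, `p=`, `primary=`, `sig=`, `secondary=` tags), the domain names, the use of Ed25519 and the signed string are all assumptions made for the illustration, not the draft's wire format. It evaluates the signed design and a plain two-way pointer design against the same three views of the DNS: honest answers, an attacker who controls only its own zone, and an attacker who can make the verifier see forged answers for the primary's zone.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Zone is a constructed stand-in for the DNS as the verifier sees it:
// owner name -> TXT strings. Whatever makes those answers trustworthy
// (DNSSEC, a trusted resolver) is outside the model: the verifier here
// trusts every answer it is handed, which is the common assumption of
// both designs that the message above points at.
type Zone map[string][]string

// Outcome records whether each design accepts "secondary is related to primary".
type Outcome struct {
	Signed  bool // key under primary, signature under secondary, both read from DNS
	Pointer bool // pointer records on both sides, no signature at all
}

// Hypothetical record layouts (assumption, not the draft's format).
func relationMessage(secondary, primary string) string { return "rdbd " + secondary + " -> " + primary }
func keyRecord(pub ed25519.PublicKey) string {
	return "rdbd=1; k=ed25519; p=" + base64.StdEncoding.EncodeToString(pub)
}
func signedRelationRecord(secondary, primary string, priv ed25519.PrivateKey) string {
	sig := ed25519.Sign(priv, []byte(relationMessage(secondary, primary)))
	return "rdbd=1; primary=" + primary + "; sig=" + base64.StdEncoding.EncodeToString(sig)
}

// tag returns the first "name=value" found in the TXT strings at owner.
func tag(z Zone, owner, name string) (string, bool) {
	for _, txt := range z[owner] {
		for _, field := range strings.Split(txt, ";") {
			if f := strings.TrimSpace(field); strings.HasPrefix(f, name+"=") {
				return strings.TrimPrefix(f, name+"="), true
			}
		}
	}
	return "", false
}

// hasTag reports whether any TXT string at owner carries exactly "name=value".
func hasTag(z Zone, owner, name, value string) bool {
	for _, txt := range z[owner] {
		for _, field := range strings.Split(txt, ";") {
			if strings.TrimSpace(field) == name+"="+value {
				return true
			}
		}
	}
	return false
}

// verifySigned fetches the primary's key and the secondary's signature from the
// same DNS and checks one against the other.
func verifySigned(z Zone, secondary, primary string) bool {
	if !hasTag(z, "_rdbd."+secondary, "primary", primary) {
		return false
	}
	p, ok := tag(z, "_rdbd."+primary, "p")
	if !ok {
		return false
	}
	pub, err := base64.StdEncoding.DecodeString(p)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	s, ok := tag(z, "_rdbd."+secondary, "sig")
	if !ok {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), []byte(relationMessage(secondary, primary)), sig)
}

// verifyPointer is the "much simpler pointer record" design: each side names the other.
func verifyPointer(z Zone, secondary, primary string) bool {
	return hasTag(z, "_rdbd."+secondary, "primary", primary) &&
		hasTag(z, "_rdbd."+primary, "secondary", secondary)
}

func Evaluate(z Zone, secondary, primary string) Outcome {
	return Outcome{Signed: verifySigned(z, secondary, primary), Pointer: verifyPointer(z, secondary, primary)}
}

func clone(z Zone) Zone {
	c := Zone{}
	for k, v := range z {
		c[k] = append([]string(nil), v...)
	}
	return c
}

// Scenarios evaluates both designs against three constructed views of the DNS.
func Scenarios() (map[string]Outcome, error) {
	const primary, secondary, attacker = "bank.example", "shop.example", "evil.example"
	bankPub, bankPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	evilPub, evilPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	honest := Zone{
		"_rdbd." + primary:   {keyRecord(bankPub), "rdbd=1; secondary=" + secondary},
		"_rdbd." + secondary: {signedRelationRecord(secondary, primary, bankPriv)},
	}
	out := map[string]Outcome{"honest": Evaluate(honest, secondary, primary)}

	// Attacker controls only its own zone: it may claim bank.example as primary and
	// sign with any key it likes, but bank.example's answers are untouched.
	selfOnly := clone(honest)
	selfOnly["_rdbd."+attacker] = []string{signedRelationRecord(attacker, primary, evilPriv)}
	out["attacker controls own zone only"] = Evaluate(selfOnly, attacker, primary)

	// Attacker can forge what the verifier sees for bank.example (spoofing, a bad
	// resolver, no DNSSEC): swapping in its own key satisfies the signed design,
	// adding a pointer satisfies the pointer design. Same capability, same result.
	spoofed := clone(selfOnly)
	spoofed["_rdbd."+primary] = []string{keyRecord(evilPub), "rdbd=1; secondary=" + attacker}
	out["attacker forges primary's answers"] = Evaluate(spoofed, attacker, primary)
	return out, nil
}

func main() {
	out, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for name, o := range out {
		fmt.Printf("%-36s signed=%v pointer=%v\n", name, o.Signed, o.Pointer)
	}
}
```

The two verifiers accept and reject in lockstep across all three views: the only thing that separates a forged relation from a real one in either design is whether the attacker can control the primary's DNS answers. Contrast DKIM, where the key is in the DNS but the signed object is a message the attacker does not get to publish alongside it.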