Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft

David Conrad <drc@virtualized.org> Wed, 27 February 2019 17:23 UTC

From: David Conrad <drc@virtualized.org>
Date: Wed, 27 Feb 2019 18:23:22 +0100
Cc: Paul Wouters <paul@nohats.ca>, "art@ietf.org" <art@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dbound@ietf.org" <dbound@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: "Brotman, Alexander" <Alexander_Brotman@comcast.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/QiVNfYZUUcBeIolz0mIK5iofhZU>

Alexander,

On Feb 27, 2019, at 4:32 PM, Brotman, Alexander <Alexander_Brotman@comcast.com> wrote:
> I'm supportive of doing this in other ways, but also understand that DNSSEC is not widely deployed.

There is a difference between not being deployed and not being turned on.  My impression is that most DNS servers these days support DNSSEC; however, it has largely not been enabled.  If you are going to be putting stuff into the DNS for security decisions, you need to protect that stuff and that means turning on DNSSEC.

Regards,
-drc
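
An added example, not part of the original message: a minimal gate that a consumer of DNS-published data could apply before using it for a security decision, accepting an answer only when the resolver set the AD (Authenticated Data) bit. The function names and sample headers are constructed for illustration, and the check assumes a validating resolver reached over a trusted path (for example, on localhost).

```python
import struct

# DNS header flag masks (RFC 1035; AD bit defined by RFC 4035).
QR, TC, AD = 0x8000, 0x0200, 0x0020
RCODE_MASK = 0x000F


def make_header(flags, ancount, msg_id=0x1234):
    """Build a constructed 12-byte DNS header (sample input only)."""
    return struct.pack("!HHHHHH", msg_id, flags, 1, ancount, 0, 0)


def usable_for_security_decision(response):
    """Return (ok, reason) for a raw DNS response.

    Assumption: AD is only meaningful when the resolver validates DNSSEC
    and the path to it is trusted; otherwise validate locally instead.
    """
    if len(response) < 12:
        return False, "short message"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        return False, "not a response"
    if flags & TC:
        return False, "truncated; retry over TCP"
    if flags & RCODE_MASK:
        return False, "rcode %d" % (flags & RCODE_MASK)
    if ancount == 0:
        return False, "no answer records"
    if not flags & AD:
        # Zone unsigned, or DNSSEC supported but not turned on.
        return False, "not DNSSEC-validated (AD clear)"
    return True, "validated"


# Constructed sample headers (not captured traffic).
UNSIGNED = make_header(0x8180, 1)   # QR|RD|RA, AD clear
VALIDATED = make_header(0x81A0, 1)  # QR|RD|RA|AD
SERVFAIL = make_header(0x8182, 0)   # how a validation failure usually surfaces

if __name__ == "__main__":
    for name, msg in [("unsigned", UNSIGNED), ("validated", VALIDATED),
                      ("servfail", SERVFAIL)]:
        print(name, usable_for_security_decision(msg))
```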