Re: [dbound] department of poor memory, was Fwd: New Version Notification for draft-dcrocker-dns-perimeter-00.txt

Jothan Frakes <> Thu, 04 April 2019 20:49 UTC

References: <> <20190404160047.B5A292011692FD@ary.qy>
In-Reply-To: <20190404160047.B5A292011692FD@ary.qy>
From: Jothan Frakes <>
Date: Thu, 4 Apr 2019 13:49:01 -0700
Message-ID: <>
To: John Levine <>
Cc:, Dave Crocker <>
Subject: Re: [dbound] department of poor memory, was Fwd: New Version Notification for draft-dcrocker-dns-perimeter-00.txt

Setting aside tree walks for holistic solutions, I see per-zone utility in
a structured format that could be implemented by a zone operator...

Us PSL volunteers often require a custom txt record as a validation of
authenticity/authority of requestor on patches that get submitted.

Not saying it swaps right into place, but (just theorizing here) one could
enhance the integrity of sections being from an authoritative administrator
AND validate the patch by matching requests against these entries within a
zone as part of the process to tighten up a match.

On Thu, Apr 4, 2019, 09:01 John Levine <> wrote:

> In article <> you write:
> >On 4/4/2019 6:43 AM, John R. Levine wrote:
> >> If you want to compare apples to apples, you might want to adjust the
> >> draft to compare your prefixed TXT records to my prefixed TXT records.
> >
> >What specific wording changes to the draft are you suggesting?
>
> Honestly, now that I look at it again, it's clear that none of the
> proposed hacks to avoid tree walks will work, and anything that needs
> tree walks is dead on arrival, so there's not much point.
>
> If you want to keep at it, as far as I can tell, the main differences
> between my 2016 proposal and this one is that I use code numbers to
> identify different kinds of boundaries and you use strings, easy
> enough to change either way, and yours requires walking up the tree
> one level at a time which can be a lot of lookups if people send
> hostile requests while mine does one lookup per defined boundary.
>
> You might check and see if I missed anything.
>
> R's,
> John