Re: [dbound] [art] Related Domains By DNS (RDBD) Draft
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 26 February 2019 15:51 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 9A708129532
for <dbound@ietfa.amsl.com>; Tue, 26 Feb 2019 07:51:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id vqzJKYbJisLI for <dbound@ietfa.amsl.com>;
Tue, 26 Feb 2019 07:51:53 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 957A2128CB7
for <dbound@ietf.org>; Tue, 26 Feb 2019 07:51:53 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
by mercury.scss.tcd.ie (Postfix) with ESMTP id B7591BE53;
Tue, 26 Feb 2019 15:51:51 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1])
by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id DtMCy_EtuJuE; Tue, 26 Feb 2019 15:51:51 +0000 (GMT)
Received: from [134.226.36.93] (unknown [134.226.36.93])
by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 6C32FBE51;
Tue, 26 Feb 2019 15:51:51 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail;
t=1551196311; bh=++iTXgFaoi1aSKJ3auJo56WZCTfaDnO2K4pJIDYyhz0=;
h=To:Cc:References:From:Subject:Date:In-Reply-To:From;
b=xZQoLomoTAXwZb9tLgb8oJ2iDiKWhv6gqNss1WSTu+DC+owtA/XfLCu8ybWyO9nD5
nw9qljZMb2GGsHwrFAB0MHeKJEF7yZ5K2kXg5jNkxFKoE54j0XJpnQvaAHOAgodrab
0kqjEIjmx08GhS03wnXa+pUCenAfknV8jPFwMjnM=
To: John R Levine <johnl@taugh.com>
Cc: Alexander_Brotman@comcast.com, dbound@ietf.org
References: <20190226032027.B52BE200EC0B38@ary.local>
<250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie>
<alpine.BSF.2.21.9999.1902261021210.6114@gal.iecc.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata=
mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh
5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+
QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr
EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU
bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO
Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg
b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k
4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK
7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi
HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh
cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ
CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m
x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN
hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G
rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz
DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi
Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS
3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml
3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi
2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95
8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru
q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5
SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey
4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+
TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S
VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld
/n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v
l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/
6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA
L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7
zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ
+w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b
Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h
sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1
oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt
SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL
AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0
FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK
CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+
6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI
ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH
4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <72c13f04-0a5c-53b0-a980-5cfb69ea866d@cs.tcd.ie>
Date: Tue, 26 Feb 2019 15:51:49 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <alpine.BSF.2.21.9999.1902261021210.6114@gal.iecc.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="V4D42Bej17ojr9E8ww6xNCQiqVvyQDnq8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/q-LtHaAVyO6PpsFlfj99JXD28XA>
Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>,
<mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>,
<mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Feb 2019 15:51:57 -0000
Hiya, On 26/02/2019 15:26, John R Levine wrote: >> Main differences I see are: >> - RDBD has DKIM-like signatures (so a bit of computational >> complexity) > > It does, but they don't prove anything that you wouldn't already know if > you can look stuff up in the DNS. Not sure I agree. While I accept a signature doesn't provide a strong "proof", it can provide evidence that the primary is ok with the secondary claiming that some relationship exists and that the primary was involved in creation of the RR values. (The "can provide evidence" above of course depends on things like DNSSEC or using a previously cached version of the public key etc.) But regardless of that... > > ... So if you want to do > this, here's what I'd do. > > We have a new record type, call it SAME. Each SAME record has a flag > for parent/child and a domain name. So if foo.com wants to say it's the > same as foo-bar.org: > > foo.com. SAME 1 foo-bar.org. > > foo-bar.org SAME 0 foo.com. > > If foo.com wants to claim many other domains, it can publish as many > SAME records as it needs to. I'd be fine if we had such an RFC and be happy if people wanted to publish such RRs in their zones. If the above existed, we could in any case define a way to digitally sign for the relationship separately, if there was support for doing so, and that could be done now or later. > If new RRs are too scary, you can do it with a txt record and a prefix: > > _same.foo.com TXT "v=same 1 foo-bar.org" > > _same.foo-bar.org TXT "v=same 0 foo.com" Could be done. I suspect the IETF-process overhead of having a fight over TXT vs a new RR type isn't really worthwhile myself, so a new RR type would be just fine by me. Cheers, S. > > Regards, > John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY > "I dropped the toothpaste", said Tom, crestfallenly. > > _______________________________________________ > dbound mailing list > dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound
- [dbound] Related Domains By DNS (RDBD) Draft Brotman, Alexander
- Re: [dbound] [art] Related Domains By DNS (RDBD) … John Levine
- Re: [dbound] [art] Related Domains By DNS (RDBD) … Stephen Farrell
- Re: [dbound] [art] Related Domains By DNS (RDBD) … John R Levine
- Re: [dbound] [art] Related Domains By DNS (RDBD) … Stephen Farrell
- Re: [dbound] [art] Related Domains By DNS (RDBD) … John R Levine
- Re: [dbound] [art] Related Domains By DNS (RDBD) … Stephen Farrell
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Bob Harold
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Stephen Farrell
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Paul Wouters
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Brotman, Alexander
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Paul Wouters
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Paul Wouters
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Stephen Farrell
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Stephen Farrell
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Tony Finch
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Hollenbeck, Scott
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Paul Wouters
- Re: [dbound] [art] [DNSOP] Related Domains By DNS… John Levine
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… David Conrad
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… John R. Levine
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Ted Lemon
- Re: [dbound] [art] [DNSOP] Related Domains By DNS… Stephen Farrell
- Re: [dbound] [art] [DNSOP] Related Domains By DNS… John C Klensin
- Re: [dbound] [art] [DNSOP] Related Domains By DNS… Jothan Frakes
- Re: [dbound] [DNSOP] Related Domains By DNS (RDBD… Michael J. Sheldon
- Re: [dbound] [art] [DNSOP] not DNAME, was Related… John R Levine
- Re: [dbound] [art] [DNSOP] Related Domains By DNS… John Levine
- Re: [dbound] [art] [DNSOP] Related Domains By DNS… Stephen Farrell
- Re: [dbound] [art] [DNSOP] Related Domains By DNS… John R Levine
- Re: [dbound] [art] [DNSOP] not DNAME, was Related… John C Klensin
- Re: [dbound] [art] [DNSOP] not DNAME, was Related… Tony Finch
- Re: [dbound] [art] [DNSOP] not DNAME, was Related… Suzanne Woolf
- Re: [dbound] [art] [DNSOP] not DNAME, was Related… Samuel Weiler
- [dbound] Related Domains By DNS (RDBD) Draft Stephen Farrell
- Re: [dbound] Related Domains By DNS (RDBD) Draft Samuel Weiler
- Re: [dbound] Related Domains By DNS (RDBD) Draft Stephen Farrell