Re: [dbound] department of poor memory, was Fwd: New Version Notification for draft-dcrocker-dns-perimeter-00.txt

"John R. Levine" <johnl@iecc.com> Thu, 04 April 2019 13:43 UTC

Date: Thu, 04 Apr 2019 09:43:47 -0400
Message-ID: <alpine.OSX.2.21.1904040938520.24158@ary.qy>
From: "John R. Levine" <johnl@iecc.com>
To: dcrocker@bbiw.net
Cc: tjw ietf <tjw.ietf@gmail.com>, dbound@ietf.org
In-Reply-To: <alpine.OSX.2.21.1904032056230.22661@ary.qy>
References: <20190403175820.8391420115F376@ary.qy> <2445c121-f77b-0fa2-ca6a-402479abb5a7@dcrocker.net> <alpine.OSX.2.21.1904031430270.21189@ary.qy> <7e61b445-3844-f769-6a59-16fa396388d0@dcrocker.net> <alpine.OSX.2.21.1904031459480.21189@ary.qy> <AFE01C0B-E47E-4D4E-B60C-FA0810BBE8F8@gmail.com> <310cc611-e1f0-2fbb-6efe-9d266869d025@dcrocker.net> <alpine.OSX.2.21.1904032056230.22661@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/rYuBfumYsf61UhsUykkD9L2kyi0>
Subject: Re: [dbound] department of poor memory, was Fwd: New Version Notification for draft-dcrocker-dns-perimeter-00.txt

I just reread my draft draft-levine-dbound-dns-01 and see that I'd 
forgotten that it says that the design would work the same with TXT 
records as with a new rrtype, since the nodes are all under prefixed 
_bound names.  See section 9 on page 8.

If you want to compare apples to apples, you might want to adjust the 
draft to compare your prefixed TXT records to my prefixed TXT records.

R's,
John

On Wed, 3 Apr 2019, John R. Levine wrote:
> On Wed, 3 Apr 2019, Dave Crocker wrote:
>>  On 4/3/2019 12:19 PM, tjw ietf wrote:
>>>   I was going to say CAA but that’s 6 years old.
>>  5 was a random number.  I was merely meaning 'recent'.
>>
>>  But suggesting CAA in response to my query means that you think RFC 6844
>>  has received widespread -- ie, at scale -- end to end adoption and use.
>
> Every CA is supposed to check CAA records before issuing a cert to see if 
> they're allowed to issue it.  I know Let's Encrypt does and I suppose I can 
> ask them how many CAA records they see.
>
>>  Please forgive my skepticism.
>
> Well, OK, here's a question for you: when's the last time an RFC added a 
> feature to the DNS that puts records in the additional section triggered by a 
> specific label in the query?  I'm reasonably sure the answer is "never" but 
> you might ask dnsop to be sure.
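The CAA pre-issuance check the quoted reply refers to ("Every CA is supposed to check CAA records before issuing a cert"), as an added example that is not part of this thread or of either draft: it climbs the tree to the relevant CAA RRset as RFC 6844 section 4 specifies and then applies the issue/issuewild rules. The zone data, issuer names and function names are constructed for illustration; it runs offline against that in-memory zone.

```python
# Added example (not from the thread): RFC 6844-style CAA processing, the check a
# CA performs before issuance and a domain owner can use to audit their own CAA.
from typing import Dict, List, Tuple

# Constructed zone data: owner name -> list of (flags, tag, value) CAA records.
ZONE: Dict[str, List[Tuple[int, str, str]]] = {
    "example.com.": [(0, "issue", "letsencrypt.org"),
                     (0, "issuewild", ";")],              # wildcard certs: nobody
    "report.example.com.": [(0, "iodef", "mailto:caa@example.com")],  # iodef only
    "locked.example.net.": [(0, "issue", ";")],            # no CA may issue
    "odd.example.org.": [(128, "futuretag", "x")],         # critical, unknown tag
}

def parent(name: str) -> str:
    """Strip the leftmost label: 'a.b.c.' -> 'b.c.', 'c.' -> '.'"""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[1:]) + "." if len(labels) > 1 else "."

def relevant_caa_set(name: str) -> List[Tuple[int, str, str]]:
    """RFC 6844 section 4: the first non-empty CAA RRset found climbing to root."""
    name = name.lower().rstrip(".") + "."
    while name != ".":
        rrset = ZONE.get(name, [])
        if rrset:
            return rrset
        name = parent(name)
    return []

def issuance_permitted(name: str, issuer: str, wildcard: bool = False) -> bool:
    """May `issuer` issue for `name` (or for '*.' + name when wildcard is set)?"""
    rrset = relevant_caa_set(name)
    if not rrset:
        return True                  # no CAA anywhere up the tree: unrestricted
    known = {"issue", "issuewild", "iodef"}
    for flags, tag, _ in rrset:
        if flags & 128 and tag.lower() not in known:
            return False             # critical flag on a tag we don't understand
    # issuewild records govern wildcard issuance only when at least one exists;
    # otherwise issue records apply to wildcards as well.
    tag = "issuewild" if wildcard and any(
        t.lower() == "issuewild" for _, t, _ in rrset) else "issue"
    values = [v for _, t, v in rrset if t.lower() == tag]
    if not values:
        return True                  # only iodef (or similar): no restriction
    # An empty issuer-domain-name (value ";") authorizes no CA at all.
    allowed = {v.split(";")[0].strip().lower() for v in values}
    return issuer.lower() in allowed
```

Note that the iodef-only RRset on report.example.com shadows the parent's issue restriction, a common surprise when CAA is published at several levels.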