Re: [dbound] RDBD 01 Comments

"John Levine" <johnl@taugh.com> Wed, 20 March 2019 18:03 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75689131084 for <dbound@ietfa.amsl.com>; Wed, 20 Mar 2019 11:03:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=V/LAwfka; dkim=pass (1536-bit key) header.d=taugh.com header.b=n3THNKts
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HSd1G4ugwt0P for <dbound@ietfa.amsl.com>; Wed, 20 Mar 2019 11:03:44 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34EA61310AB for <dbound@ietf.org>; Wed, 20 Mar 2019 11:03:43 -0700 (PDT)
Received: (qmail 51498 invoked from network); 20 Mar 2019 18:03:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=c928.5c92807e.k1903; bh=32lQM/AP2IilSsifU+snjazC5dwHLPoofhYwBPgnYas=; b=V/LAwfkaCkK7rVhBD8wNcZW4VzFxNv5ce5WeiBAdCbI8PcG5LwbND4O586BJ8O9jqflGSJO2xOP9RaWfibfQSuGIeP65ifMIRynD5YBHO3MN234wwzkM1+GUbNrG0xxbKi7lEm2YQ5hNNwJWunz1uxkM5WUwc7PPSCRXlYwCXeMMLIfxmWN7/hNg+IXLi796P9pkXcun4837vZyJRbKEFyW/OdR3RuP+/t7GIwNskYZ0JopiaJDGrbc2arHyIHyz
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=c928.5c92807e.k1903; bh=32lQM/AP2IilSsifU+snjazC5dwHLPoofhYwBPgnYas=; b=n3THNKtsNTsuIQxLBSiYUZoi+ZItfYGNxzvp1cP7kWRLmEeTisA37LiQExfsD4TW/0ibB8vQzeVDeUERGadGWWLd6xJXTH8ZOQ0Exxp+t5kvHKHXUtcLMNk6jemxWiWcBEvJU1wA4TgHJKPdM3Wyk9r+Tlh0lrSXchpTeczX+AwmJg3Tqh7wkUzmQWWH2uLrH0Mwb9SfZA1//0SKkqtub9bn1fCsVnLANhRm652/n9JgKyHaqpNEumgpuXi1EYD7
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 20 Mar 2019 18:03:41 -0000
Received: by ary.qy (Postfix, from userid 501) id 9885A20104BD45; Wed, 20 Mar 2019 14:03:41 -0400 (EDT)
Date: 20 Mar 2019 14:03:41 -0400
Message-Id: <20190320180341.9885A20104BD45@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dbound@ietf.org
Cc: Alexander_Brotman@comcast.com
In-Reply-To: <ac159edaa05641ffa59e7358209ea0a4@COPDCEX19.cable.comcast.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/tXghAjUAiezkJLA0FlO0Sy__lrQ>
Subject: Re: [dbound] RDBD 01 Comments
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2019 18:03:47 -0000

In article <ac159edaa05641ffa59e7358209ea0a4@COPDCEX19.cable.comcast.com>; you write:
>Hello folks,
>
>Stephen and I are still looking for additional comments on the newer revision of RDBD [1].  We'd really
>like to work with everyone to move this forward if possible.  Additionally, he and I should both be in
>Prague next week if you'd like to have some in-person discussions.
>
>Thank you for your time
>
>[1] https://tools.ietf.org/html/draft-brotman-rdbd-01

Hm.  I see that instead of DKIM-like signatures, now it's DNSSEC-like signatures.

But I still have the same question: what advantage does all of this
crypto stuff provide compared to a much simpler design where the two
domains just have records that point at each other, like a cut down
version of Andrew's SOPA?

One difference is that you can't tell by looking at the
primary/relating domain what its secondary/related domains are.  I can't tell if that's
a bug or a feature.