Re: [Din] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt

Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com> Mon, 18 February 2019 14:01 UTC

Return-Path: <alex.mayrhofer.ietf@gmail.com>
X-Original-To: din@ietfa.amsl.com
Delivered-To: din@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92806130F61 for <din@ietfa.amsl.com>; Mon, 18 Feb 2019 06:01:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W2Sz0R9Xc0_p for <din@ietfa.amsl.com>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46428130F0F for <din@irtf.org>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
Received: by mail-lj1-x230.google.com with SMTP id z25so6617611ljk.8 for <din@irtf.org>; Mon, 18 Feb 2019 06:01:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xrKMxa3eLLvIENo5zHYk34Tv2Ez2s6JXwIAaF9Z4Z70=; b=Dzj1McnijAKX1tMQM+90dUkr0SmKPokJDJz8IwUypLBsj2Sf8Eat3Eh5Uwr3zo+sgF ojVe4Czb7sMaJsQMsroK/nGfYH4xBGVej54IlAzAgELW99DyqmXsjIJtUjz0zYhtnn0r 6uh75uYqar9gN2mLHETNTutPqgzgntD3skhXo0fa/Q/5Re6htEjfLNY4gOkLsns+uu97 LRqwdd0FKxVECx9q7TvWKmVVnUOX504fbK3ljwCwpe9axj7dq6jFzLC+PeGJZBxbDqnj /C+P+PxMcC8bsgFNMPral4bsDSfNy9QnNMawFdTgsXM7JYF0/RXJxn6UoeFZlALWb56q IuUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xrKMxa3eLLvIENo5zHYk34Tv2Ez2s6JXwIAaF9Z4Z70=; b=l1ve9mK10HBXng27zFtFLKn+aqAfI5TV3j5iGVBwyNVJvTN0VP9Y/T6hoyKEEojVWj 24WKCqldyBi3woyxRWW3oB6sQlaCtIPe4g7FIwFEcfvl3T3nhqXzjIZurfvck4qR8kSC /U1oKUpvyEUT+/jafNnn0l4Y8RdToCzO2fJk69BbG2ev5yj0u1rauZwTNCO2TxdeijXX YHyS2ZtJ3dNnRr1ZWnMMnTf2OQsR+WnvOuFdPJX+aqBSiHTX+XMf8fNScxdRyI0Mt4Gm DjPAB/XQteLqFjEC/wLPNZQn5rHSqFzmCTe24w4zbJj7k61wWZ4Yyby2ceVjrHPVQUEz eEqQ==
X-Gm-Message-State: AHQUAubN1M9mAYrJaL4x8wW3R69YlovuqPQJfNAe4xgAe4zdJbdPwKbm gsWI/N3/mya6wfZ4PJzdoqhDkjPwyTK0JupZMHA=
X-Google-Smtp-Source: AHgI3IZA1EKSTmHE09ipOSQxS1BhyJsMXMnycZ0yt44y5du0fKczzsJqKvLQKkloBXhjOfbrNRWHAbHYQXOTQE3LHZQ=
X-Received: by 2002:a2e:90cd:: with SMTP id o13mr4866643ljg.153.1550498465345; Mon, 18 Feb 2019 06:01:05 -0800 (PST)
MIME-Version: 1.0
References: <154963392249.31188.16873618915255886209.idtracker@ietfa.amsl.com> <CAHXf=0r0DqC_XHw-2=h4ZkH5SgjzTjPMuML3GjxtQbe6so3=vw@mail.gmail.com> <20190215093714.t23ulbslbg52t2dp@nic.fr>
In-Reply-To: <20190215093714.t23ulbslbg52t2dp@nic.fr>
From: Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com>
Date: Mon, 18 Feb 2019 15:00:54 +0100
Message-ID: <CAHXf=0o4CBNV2UsskGA5xQ2Vam4jeTPgpnEEvhUp8h3rb0=5Xw@mail.gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: IETF DNSOP WG <dnsop@ietf.org>, din@irtf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/qYqtZPZVvXodDX_A8aePE7Rho5Q>
Subject: Re: [Din] Fwd: New Version Notification for draft-mayrhofer-did-dns-01.txt
X-BeenThere: din@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of distributed Internet Infrastructure approaches, aspects such as Service Federation, and underlying technologies" <din.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/din>, <mailto:din-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/din/>
List-Post: <mailto:din@irtf.org>
List-Help: <mailto:din-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/din>, <mailto:din-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2019 14:01:18 -0000

Stephane, all,

[I feel cautious about continuing to cross-post this to dnsop as well
as dinrg - however, it does apply to both areas, so i'll keep both
groups in for now]

On Fri, Feb 15, 2019 at 10:37 AM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> I think that it is an important work because it brings the power of
> the DNS to many other identifier systems. So, I support it.

Thanks - great to hear. I'm hearing that DIDs are being used in more
and more situations, so i think it makes sense to define that
"bridging" protocol between the two "worlds.

> May be more examples could help people figure out the use cases? "My
> Bitcoin address is at foobar.example" and then the Bitcoin software
> would query _did.foobar.example and get
> <did:bitcoin:1NZc7FJ7eHJgRMRSrmncJJM9bPnusJeuR6>.

I will add more examples in the next revision. We also need to include
an example for the "email address" use case.

> I note that there exists already non-standard (and probably not really
> deployed) solutions in that space, some specific to a TLD
> <https://www.nominet.uk/domain-names-unlock-new-potential-on-blockchain/>
> <http://domainincite.com/23273-my-brain-explodes-trying-to-understand-mmxs-new-blockchain-deal-for-luxe>

I'm aware of the .luxe initiative, however, i haven't yet seen any
technical specifications about how the connection between DNS and
Blockchains is performed. If anybody has a pointer, i'd definitely
appreciate it.

The other alternative proposal i've found is https://openalias.org/ -
scroll down for their definition of the TXT record. They don't use
DIDs as far as i understand, though.

> Regarding draft -01: it seems OK to me. The only problem I find:
>
> > particularly the concerns around downgrade attacks when the record
> > is not signed
>
> Why downgrade attacks specifically? Without DNSSEC, a lot of attacks
> are possible.

I agree, that section requires some rewording. I'm referring to the
language in the OpenPGP DANE RFC here. I'm happy to work on more text,
and open to suggestions :)

best,
Alex