Re: [dns-privacy] Alternative signalling proposals

Warren Kumari <warren@kumari.net> Mon, 17 December 2018 21:13 UTC

From: Warren Kumari <warren@kumari.net>
Date: Mon, 17 Dec 2018 16:12:53 -0500
Message-ID: <CAHw9_i+8oDs-wKioQgLx4WBvD64BaZiLL3zQa96sc44L_u5Q7w@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Wes Hardaker <wes@hardakers.net>, dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/7k-DrrnHqsQU0eIQKnhTQncPtHc>

On Mon, Dec 17, 2018 at 2:37 PM Paul Wouters <paul@nohats.ca> wrote:

> On Mon, 17 Dec 2018, Wes Hardaker wrote:
>
> > cons:
> > - not everyone controls their reverse zone easily, especially for those
> >  that don't hold at least a /24 allocation. Ironically, I fall into
> >  this camp but still think this is a better solution than a name-based
> >  one.
> > - requires more lookups
>
> Your ISP should support Classless Delegations, RFC 2317
>
> https://tools.ietf.org/html/rfc2317
>
> I have deployed this successfully.
>

Is that a "should" or "SHOULD"? 'cos it certainly isn't a MUST :-P

I've tried contacting my ISPs over the years, and the responses have been:
1: "OK, click Start, then Shutdown... Now press the power key and we'll
wait for it to boot"
2: "What? Um. Have you tried turning it off and on again?"
3: "What? Huh. Nope, never heard of that."
4: "You are a dynamic customer. We cannot do anything like that for dynamic
customers... Sorry, no we don't do static IPs for residential. Oh! You have
a static subnet routed to you?! Weird, I didn't know we did that... "
5: "Yes, we have plans to support IPv6 in the future...." [no idea what
that has to do with anything]
6: "We don't allow users to run servers, and so there is no need for you to
have reserve DNS".

Perhaps you've just been lucky and gotten an ISP which sucks less?
W






>
> > - requires the reverse tree for that address be fully signed
>
> That might be trickier, if your upstream ISP does not believe in DNSSEC
> signing.
>
> Paul
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf