Re: [dns-privacy] [Ext] DS Hacks

Ben Schwartz <bemasc@google.com> Fri, 30 July 2021 17:38 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Fri, 30 Jul 2021 13:37:43 -0400
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/XiAQTX1mGNJTg6remxU0MO3Gr0U>

On Fri, Jul 30, 2021 at 1:34 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> I'm confused here. Are you saying that the DS owner name for an
> out-of-bailiwick NS would still be the name of that NS?


No, it would be the owner name of that NS record, which is the child apex.
This is also the owner name of the DS record.  The name of the NS is in the
RDATA.