Re: [dns-privacy] [Ext] DS Hacks
Paul Hoffman <paul.hoffman@icann.org> Fri, 30 July 2021 18:10 UTC
Return-Path: <paul.hoffman@icann.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8F403A08CE for <dns-privacy@ietfa.amsl.com>; Fri, 30 Jul 2021 11:10:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4pJSCT-5FEF3 for <dns-privacy@ietfa.amsl.com>; Fri, 30 Jul 2021 11:09:59 -0700 (PDT)
Received: from ppa3.lax.icann.org (ppa3.lax.icann.org [192.0.33.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E11223A08C6 for <dns-privacy@ietf.org>; Fri, 30 Jul 2021 11:09:59 -0700 (PDT)
Received: from MBX112-E2-CO-1.pexch112.icann.org (out.mail.icann.org [64.78.33.7]) by ppa3.lax.icann.org (8.16.0.43/8.16.0.43) with ESMTPS id 16UI9tb8009865 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 30 Jul 2021 18:09:55 GMT
Received: from MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) by MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.858.12; Fri, 30 Jul 2021 11:09:54 -0700
Received: from MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) by MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) with mapi id 15.02.0858.012; Fri, 30 Jul 2021 11:09:54 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: Ben Schwartz <bemasc@google.com>
CC: DNS Privacy Working Group <dns-privacy@ietf.org>
Thread-Topic: [Ext] [dns-privacy] DS Hacks
Thread-Index: AQHXhWkw78b5NxyMhEW/cfGU4dnnuatcPbqAgAAI/gA=
Date: Fri, 30 Jul 2021 18:09:54 +0000
Message-ID: <03FDA925-2BC3-4830-B27B-5F6E19676678@icann.org>
References: <CAHbrMsAXFiPT_P_hdWXborXnbw3YagjW6aXXvGJnxWbtRofB2g@mail.gmail.com> <5f649d68-94be-579a-31c6-6ad02466cd15@time-travellers.org> <CAHbrMsCj8LzJff7BXwnY4TOcOU2POuZfP4h+fyA6VUKeGpksCQ@mail.gmail.com> <E0430A84-D844-4B79-B71F-A92A21942329@icann.org> <CAHbrMsCPPq-o8U4mhFPZ1U+GE+57yneEGo7AD5uDQ_QDDUO0rw@mail.gmail.com>
In-Reply-To: <CAHbrMsCPPq-o8U4mhFPZ1U+GE+57yneEGo7AD5uDQ_QDDUO0rw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.0.32.234]
x-source-routing-agent: Processed
Content-Type: multipart/signed; boundary="Apple-Mail=_0FCD9381-DE40-451E-B77B-F80101F9A269"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-30_11:2021-07-30, 2021-07-30 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ehSmssRL9KNL4iCgBfraTedTvVs>
Subject: Re: [dns-privacy] [Ext] DS Hacks
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 18:10:05 -0000
On Jul 30, 2021, at 10:37 AM, Ben Schwartz <bemasc@google.com> wrote: > > > > On Fri, Jul 30, 2021 at 1:34 PM Paul Hoffman <paul.hoffman@icann.org> wrote: > I'm confused here. Are you saying that the DS owner name for an out-of-bailiwick NS would still be the name of that NS? > > No, it would be the owner name of that NS record, which is the child apex. This is also the owner name of the DS record. The name of the NS is in the RDATA. Sorry that I'm being dense. Having some examples with both in-bailiwick and out-of-bailiwick NSs would be useful (at least to me). --Paul Hoffman
- [dns-privacy] DS Hacks Ben Schwartz
- Re: [dns-privacy] DS Hacks Shane Kerr
- Re: [dns-privacy] DS Hacks Ben Schwartz
- Re: [dns-privacy] [Ext] DS Hacks Paul Hoffman
- Re: [dns-privacy] [Ext] DS Hacks Ben Schwartz
- Re: [dns-privacy] [Ext] DS Hacks Paul Hoffman
- Re: [dns-privacy] [Ext] DS Hacks Robert Evans
- Re: [dns-privacy] [Ext] DS Hacks Paul Hoffman
- Re: [dns-privacy] [Ext] DS Hacks Ben Schwartz
- [dns-privacy] DS glue Paul Hoffman
- Re: [dns-privacy] [Ext] DS Hacks Ilari Liusvaara
- Re: [dns-privacy] [Ext] DS Hacks Ben Schwartz
- Re: [dns-privacy] [Ext] DS glue Paul Hoffman
- Re: [dns-privacy] [Ext] DS glue Ben Schwartz
- Re: [dns-privacy] [Ext] DS glue Alexander Mayrhofer
- Re: [dns-privacy] [Ext] DS glue Ben Schwartz
- Re: [dns-privacy] [Ext] DS glue Alexander Mayrhofer
- Re: [dns-privacy] [Ext] DS glue Ben Schwartz