Re: Interpreting DNSSEC was Re: [dnsext] flip-flopping secure and unsecure DNAME/CNAME

Michael StJohns <mstjohns@comcast.net> Mon, 13 October 2008 16:44 UTC

Date: Mon, 13 Oct 2008 12:38:20 -0400
To: Edward Lewis <Ed.Lewis@neustar.biz>, Alex Bligh <alex@alex.org.uk>
From: Michael StJohns <mstjohns@comcast.net>
Subject: Re: Interpreting DNSSEC was Re: [dnsext] flip-flopping secure and unsecure DNAME/CNAME
Cc: Ben Laurie <ben@links.org>, Wouter Wijngaards <wouter@NLnetLabs.nl>, Edward Lewis <Ed.Lewis@neustar.biz>, namedroppers@ops.ietf.org, Alex Bligh <alex@alex.org.uk>

At 10:57 AM 10/13/2008, Edward Lewis wrote:
>DNSSEC only says "this answer looks good" or "doesn't look good." Trying to figure out whether the answer's disposition is temporary/permanent, correct/incorrect, trustworthy/not takes more than just the DNS data and more than just the query at hand.


DNSSEC says the answer looks good - SECURE
or doesn't look good - BOGUS 
or DNSSEC told me I shouldn't care about DNSSEC past some point - UNSECURE
or I have no information which would let me determine what DNSSEC thinks about the data - UNKNOWN

"Trustworthy" begs a definition here for what "looks good" means in relationship to "trusting" DNS data.



archive: <http://ops.ietf.org/lists/namedroppers/>
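
The four outcomes listed in the message above, as an added example that is not part of the original post: a simplified Python model of how a validator could arrive at each one by walking delegations down from a trust anchor. The names `State`, `Delegation`, `covering_anchor`, `classify` and the `ds` status strings are assumptions made for illustration, the sample data is constructed, and no real signature checking is performed.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    SECURE = "answer looks good"
    BOGUS = "answer doesn't look good"
    UNSECURE = "DNSSEC said not to care past some point"
    UNKNOWN = "no information to judge with"

@dataclass
class Delegation:
    """One parent-to-child step below the trust anchor (simplified model)."""
    child: str
    ds: str          # "present", "proven_absent" (signed denial), or "unproven"
    dnskey_ok: bool  # child's DNSKEY set matches the DS and verifies

def covering_anchor(qname, anchors):
    """Return the closest configured trust anchor at or above qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) + 1):
        candidate = ".".join(labels[i:]) + "."
        if candidate in anchors:
            return candidate
    return None

def classify(qname, anchors, delegations, answer_sig_ok):
    """Walk top-down from the anchor; signature checks are assumed done elsewhere."""
    if covering_anchor(qname, anchors) is None:
        return State.UNKNOWN
    for step in delegations:
        if step.ds == "proven_absent":
            return State.UNSECURE   # parent provably opted this subtree out
        if step.ds != "present" or not step.dnskey_ok:
            return State.BOGUS      # chain should exist but cannot be verified
    return State.SECURE if answer_sig_ok else State.BOGUS

# Constructed sample: root anchor, signed chain to example.com.
SIGNED = [Delegation("com.", "present", True),
          Delegation("example.com.", "present", True)]
# Constructed sample: DS missing with no signed proof of absence.
STRIPPED = [Delegation("com.", "present", True),
            Delegation("example.com.", "unproven", False)]

if __name__ == "__main__":
    for name, path, sig in [("signed", SIGNED, True), ("stripped", STRIPPED, True)]:
        print(name, classify("www.example.com.", {"."}, path, sig).name)
```

In this model a missing DS yields UNSECURE only when its absence is itself authenticated; a DS that is simply missing is classified BOGUS, so removing records cannot quietly downgrade a signed zone.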