Re: [dnsext] need new flag bit in EDNS, "do me no favours" (DMNF)

Paul Vixie <vixie@isc.org> Mon, 25 October 2010 01:09 UTC

From: Paul Vixie <vixie@isc.org>
Cc: "namedroppers@ops.ietf.org" <namedroppers@ops.ietf.org>
Subject: Re: [dnsext] need new flag bit in EDNS, "do me no favours" (DMNF)
In-Reply-To: Your message of "Sun, 24 Oct 2010 20:52:12 -0300." <AANLkTim-N5CByUnUr-aTYML_88hOxTJEsNKa=jkGaGfs@mail.gmail.com>
References: <C8EA875A.83BA%roy@nominet.org.uk> <8D01F5E3-F863-4873-BB0E-654FA89983F7@virtualized.org> <AANLkTim-N5CByUnUr-aTYML_88hOxTJEsNKa=jkGaGfs@mail.gmail.com>
Date: Mon, 25 Oct 2010 01:08:25 +0000
Message-ID: <87750.1287968905@nsa.vix.com>

> Date: Sun, 24 Oct 2010 20:52:12 -0300
> From: Brian Dickson <brian.peter.dickson@gmail.com>
> 
> At the risk of sounding facetious, I think we already have a "DMNF" bit:
> DO (plus CD bit, i.e. security-aware stub resolvers).

that's a workaround not a signal.  so, if there's a secure path from a 
trust anchor to the qname AND if the stub is validating THEN this has
the same effect as DMNF.

however, for unsecured names or nonvalidating stubs, i'd like an
explicit signal.  thus, DMNF.  so far david conrad thinks a short i-d
could be worthwhile, so that's two (me and him).  anybody else?
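
Added illustration, not part of the original message or of any project's code: the two existing signals named in the quoted text, the EDNS DO bit and the header CD bit, built into a DNS query in wire format and read back from it. The function names, the `do_plus_cd` key and the sample qname are constructed for this example; no DMNF bit is defined on this page, so none is modelled.

```python
import struct

RD_BIT = 0x0100   # header flag: Recursion Desired (RFC 1035)
CD_BIT = 0x0010   # header flag: Checking Disabled (RFC 4035)
DO_BIT = 0x8000   # EDNS flag: DNSSEC OK, carried in the OPT RR's TTL field (RFC 3225)
OPT_TYPE = 41     # EDNS OPT pseudo-RR type (RFC 6891)

def _encode_name(name):
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def build_query(qname, qtype=1, do=True, cd=True, udp_size=4096, txid=0x1234):
    flags = RD_BIT | (CD_BIT if cd else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = _encode_name(qname) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, class = UDP size, TTL = ext-rcode|version|flags
    opt = b"\x00" + struct.pack("!HHBBHH", OPT_TYPE, udp_size, 0, 0,
                                DO_BIT if do else 0, 0)
    return header + question + opt

def query_signals(msg):
    _, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):             # skip each question: name + type + class
        off = _skip_name(msg, off) + 4
    edns = do = False
    for _ in range(an + ns + ar):   # walk records until the OPT RR is found
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            edns, do = True, bool(ttl & DO_BIT)
    cd = bool(flags & CD_BIT)
    return {"edns": edns, "do": do, "cd": cd, "do_plus_cd": do and cd}

if __name__ == "__main__":
    # Constructed sample queries for example.com with each flag combination.
    for do, cd in [(True, True), (True, False), (False, True)]:
        print(do, cd, query_signals(build_query("example.com", do=do, cd=cd)))
```

A query without an OPT record reports `edns`, `do` and `do_plus_cd` as false, which is the nonvalidating-stub case the message says still lacks an explicit signal.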