Return-Path: X-Original-To: dnsop@mail2.ietf.org Delivered-To: dnsop@mail2.ietf.org Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 63BFBDEC671 for ; Tue, 18 Mar 2025 06:23:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at ietf.org X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MOe4ieTbBVmJ for ; Tue, 18 Mar 2025 06:23:06 -0700 (PDT) Received: from stereo.hq.phicoh.net (stereo.hq.phicoh.net [IPv6:2a10:3781:2413:1:2a0:c9ff:fe9f:17a9]) (using TLSv1.2 with cipher ECDHE-ECDSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 918E9DEC655 for ; Tue, 18 Mar 2025 06:23:06 -0700 (PDT) Received: from stereo.hq.phicoh.net (localhost [::ffff:127.0.0.1]) by stereo.hq.phicoh.net with esmtp (TLS version=TLSv1.2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305) (Smail #158) id m1tuWuO-0000NOC; Tue, 18 Mar 2025 14:23:04 +0100 Message-Id: To: dnsop@ietf.org From: Philip Homburg Sender: pch-b6CAFA0C7@u-1.phicoh.com References: <551bb4a8-f787-4caf-8615-c284203d7b7e@nic.cz> <6fa27e23-ec6d-4989-8068-aafb4925d1dd@nic.cz> <2a6088fb-3275-464d-bca1-92a4cbaa78aa@nlnetlabs.nl> <2b862da9-e428-47f3-9ecc-c55a4e589bac@desec.io> <94da4d77-2904-43ba-9bcd-27e22e6a4604@nlnetlabs.nl> <13acb74f-c109-42b4-bc74-0cc10e7ad5c4@isc.org> <2b7c7027-2007-4561-9fed-014b06c8832d@nic.cz> In-reply-to: Your message of "Tue, 18 Mar 2025 14:14:21 +0100 ." <2b7c7027-2007-4561-9fed-014b06c8832d@nic.cz> Date: Tue, 18 Mar 2025 14:23:04 +0100 Message-ID-Hash: ZGK56ICJLX7GP5LDMZV5R4FBMKDQXLTH X-Message-ID-Hash: ZGK56ICJLX7GP5LDMZV5R4FBMKDQXLTH X-MailFrom: pch-b6CAFA0C7@u-1.phicoh.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.9rc6 Precedence: list Subject: =?utf-8?q?=5BDNSOP=5D_Re=3A_Working_Group_Last_Call_for_draft-ietf-dnsop-ns-?= =?utf-8?q?revalidation_=22Delegation_Revalidation_by_DNS_Resolvers=22_?= List-Id: IETF DNSOP WG mailing list Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: >> This is a question of attack model. If we say that this attack model is >> unrealistic, then we should document that somewhere. And explcitly say >> that those types of attacks will not be considered by the wg. > >If a name wants poisoning protection, they should sign it. Parent-side NS records are never signed. But I think we should not make such statements only on the mailing list. Unbound contains a significant amount of processing to try to protect unsigned zones. If we have consensus that unsigned zones are not worth protection then we need to be public about that. It is possible that quite a few stateholders that use the internet would become quite upset if we were publish a statement like that. So maybe until we find consensus about a statement that unsigned zones are not worth protection, we continue to act as if they do. Finally, there is also the issue of privacy. Because parent-side NS records are never signed, an attacker that can subvert the priming query for the root zone can inspect all of a parent-centric resolver's traffic. I think that is not in line with the IETF's stance on privacy.