Re: [DNSOP] Updating RFC 7344 for cross-NS consistency
Bob Harold <rharolde@umich.edu> Tue, 28 June 2022 14:35 UTC
From: Bob Harold <rharolde@umich.edu>
Date: Tue, 28 Jun 2022 10:35:41 -0400
Message-ID: <CA+nkc8CGbsvDUUt4jn0K50vTYDkLkFqYnGGm8gxz5H=N2qEUow@mail.gmail.com>
To: Peter Thomassen <peter@desec.io>
Cc: Paul Wouters <paul@nohats.ca>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2Ska8fkzMtyUHo21mlW5i8NXNz8>

On Tue, Jun 28, 2022 at 10:23 AM Peter Thomassen <peter@desec.io> wrote:

> Hi Bob,
>
> On 6/28/22 16:20, Bob Harold wrote:
> > But the parent NS set is not covered by DNSSEC, and thus could be spoofed??
> > (Wish we could fix that!)
>
> The parental agent (registry, registrar) has off-band definite knowledge
> of the delegation's NS records.
>
> As an example, the .edu operator knows what umich.edu's NS records are,
> because the registrant (the university) told them.
>
> Cheers,
> Peter
>
> --
> https://desec.io/

Ah, yes. Even in a multi-signer situation, you are correct. I forgot the context.

--
Bob Harold