Re: [DNSOP] DNSSEC, additional special names & draft-chapin-additional-reserved-tlds-00.txt

Joe Abley <jabley@hopcount.ca> Fri, 28 February 2014 15:06 UTC

From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <alpine.LSU.2.00.1402281129350.13302@hermes-1.csi.cam.ac.uk>
Date: Fri, 28 Feb 2014 10:06:20 -0500
Message-Id: <71ABA9C6-6B92-40D9-BAED-909EE78D54AC@hopcount.ca>
References: <20140228041955.24570.qmail@joyce.lan> <alpine.LSU.2.00.1402281129350.13302@hermes-1.csi.cam.ac.uk>
To: Tony Finch <dot@dotat.at>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/6zeVsfclVSu_cfzsEM2U9CTmONs
Cc: dnsop@ietf.org, John Levine <johnl@taugh.com>
Subject: Re: [DNSOP] DNSSEC, additional special names & draft-chapin-additional-reserved-tlds-00.txt

On 28 Feb 2014, at 6:31, Tony Finch <dot@dotat.at> wrote:

> John Levine <johnl@taugh.com> wrote:
> 
>> Since the device and the browser will not be online when you do the
>> initial configuration, it seems to me that if you use a validating
>> resolver you lose no matter what the name is.
> 
> Hmm yes a very good point :-/
> 
> I think this is an argument in favour of registering a special use name
> for this purpose which can be configured with a negative trust anchor.
> 
> Unless someone has a bright idea for some alternative fix…

Bonjour. It works for every other device in the home that needs a direct connection to manage. Nobody assumes that “http://printer.home” is going to do anything useful; why is the gateway device different?

(I’ve never owned a consumer-grade home gateway; whenever I’ve helped out a neighbour with theirs I’ve always just connected to whatever address the gateway’s DHCP server gave me as a default route. I had no idea there was any expectation that “router.home” would do anything sensible. It does go some way to explain what I saw at L-Root when I last had the opportunity to look, though :-)


Joe