[DNSOP] Re: [EXTERNAL] Re: Call for Adoption: draft-davies-internal-tld
John Levine <johnl@taugh.com> Fri, 02 May 2025 17:17 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 44D73242F828 for <dnsop@mail2.ietf.org>; Fri, 2 May 2025 10:17:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.4
X-Spam-Level:
X-Spam-Status: No, score=-4.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="j+rXha7C"; dkim=pass (2048-bit key) header.d=taugh.com header.b="JHTPIPHt"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3RCy-vuSWnUg for <dnsop@mail2.ietf.org>; Fri, 2 May 2025 10:17:57 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A9522242F823 for <dnsop@ietf.org>; Fri, 2 May 2025 10:17:57 -0700 (PDT)
Received: (qmail 43872 invoked from network); 2 May 2025 17:17:57 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding:cleverness; s=ab5e6814fe45.k2505; t=1746206267; x=1746551867; bh=JVVln3+K7dtYi5tijcOtyAsgrJyWpxg+5dNUUrf6vDY=; b=j+rXha7Cbdl25FMyPDWUm3PPj45a3KYP8/xniHC456Ni8SSEqtSOGv4y+WUWsCS9uarejeNrIxhfDlWc8BFHlNfGwEZHD9PKB7pKZpmqxwMbQOZyw4pNK7WHXt8SASZhDzMdhcBtYpCDQI5pCgLWRdD1ZGfhrme1GaAMut+ZWwSC8Qu0E/G/yOpTp/cjAXVPuygNvkXL9eY2/clWeLmXdP9riPQ4tjWZiIijqJNFXzeHI7pczmX56u44kcg8C8pW1KqOjYiw2w16i8gM4jFtKmM7NLSK5NichiDZ1zadFeYlCbuHa6kwK5mUaZO6aFLUcNP5AMImrxrz+UjreTFijg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding:cleverness; s=ab5e6814fe45.k2505; bh=JVVln3+K7dtYi5tijcOtyAsgrJyWpxg+5dNUUrf6vDY=; b=JHTPIPHtGeFHyH9aXVEa8KXbdscR3tEVwwNdqWI0SNbEBJSE/gtN2u9mgSaYdMa+/8ALdxhmmOh2cycy0ah80/CXHvRhdXHlGGZSLKoThBpr8kDHVpC4lsq9DjUbzQstHUIwBbOxazyJTE/mAPg0Hrdk6+7hH00o+2bVHYM0BgOLTHLNJeyKbjdwY/KVZ1d0/wD+GgvTdkJwaYkZ95yR6vgjba4hpJ8UKSbOA1HcvzhekxXcaEHNZPGIOamzCoOjWc9WCrDNNeYqvCbfEPmrwXEMRRRyz0GVkpjMYr8sQclGInZqNG+mWQbl+z5K6e7u4IMpPfB+MQnzkjjmjzLwJA==
Received: from ary.qy ([IPv6:2001:470:1f07:1126:0:78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126:0:78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA CHACHA20-POLY1305 AEAD) via TCP6; 02 May 2025 17:17:56 -0000
Received: by ary.qy (Postfix, from userid 501) id 5AC67C762C3C; Fri, 2 May 2025 13:17:56 -0400 (EDT)
Date: Fri, 02 May 2025 13:17:56 -0400
Message-Id: <20250502171756.5AC67C762C3C@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <SA1PR15MB4370BAE2BD669193DDB9AE44B38D2@SA1PR15MB4370.namprd15.prod.outlook.com>
Organization: Taughannock Networks
References: <1C9E8ABA-4399-491B-A9F4-D9ACCB1BA72C@virtualized.org> <C497EC3A-A06B-4DCC-B0C8-382A3424D7D5@strandkip.nl> <SA1PR15MB43700B9B2C9151FB31381082B3BC2@SA1PR15MB4370.namprd15.prod.outlook.com> <866409E5-0D9A-4669-8C6E-C9D1C7BDAA21@dnss.ec> <SA1PR15MB4370BAE2BD669193DDB9AE44B38D2@SA1PR15MB4370.namprd15.prod.outlook.com>
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Message-ID-Hash: G6U7RSN6QGQDYXDUAHM5SLDWH64AQDAH
X-Message-ID-Hash: G6U7RSN6QGQDYXDUAHM5SLDWH64AQDAH
X-MailFrom: johnl@iecc.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: bemasc@meta.com
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: draft-davies-internal-tld
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/9X42ceUena1WMFsJegKuFxsHCSA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
It appears that Ben Schwartz <bemasc@meta.com> said: >-=-=-=-=-=- > >We are comparing two options, and two types of deployments: > >Option A: .internal is provably nonexistent at the root >Option B: .internal is an unsigned delegation at the root > >Type 1: A deployment that controls the stub's DNSSEC configuration >Type 2: A deployment that cannot customize the client's DNSSEC configuration > >For Type 1, options A and B achieve the same security and functionality. Either way, the deployment can make use of .internal as a signed or unsigned zone, by configuring stubs >with a local positive or negative trust anchor. > >For Type 2, "A" makes .internal empty for validating stubs, whereas "B" entrusts its contents to the recursive resolver. > >The ICANN SSAC report suggests that one goal of .internal is to support devices that can function "without a priori knowledge of the network environment in which those devices are >deployed". This suggests that the SSAC intends for .internal to be usable in Type 2 deployments. I honestly don't recall the details of the discussion but I think it's at least as likely that we meant that the magic can happen at the local cache so you don't need per device setup like you do for .onion or .alt. I keep seeing a lot of assumptions about how devices will work with precious little support for them. My personal unsupported assumption is that the number of devices in the "we use the cache but don't believe what it says" camp is small enough not to matter. R's, John
- [DNSOP] Call for Adoption: draft-davies-internal-… Benno Overeinder
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Loganaden Velvindron
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Wessels, Duane
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Manu Bretelle
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Karim Attoumani Mohamed
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Geoff Huston
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Joe Abley
- [DNSOP] Re: Call for Adoption: draft-davies-inter… S Moonesamy
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Benno Overeinder
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Joe Abley
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… tojens.ietf
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Warren Kumari
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Petr Špaček
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… David Conrad
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… David Conrad
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Joe Abley
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Philip Homburg
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Jim Reid
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Ben Schwartz
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Wessels, Duane
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Jim Reid
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Jim Reid
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Karl Dyson
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Shumon Huque
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Karl Dyson
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Wessels, Duane
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Peter Thomassen
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Philip Homburg
- [DNSOP] Re: Call for Adoption: draft-davies-inter… John R Levine
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Philip Homburg
- [DNSOP] Re: Call for Adoption: draft-davies-inter… John R Levine
- [DNSOP] Re: Call for Adoption: draft-davies-inter… John R Levine
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Philip Homburg
- [DNSOP] Re: Call for Adoption: draft-davies-inter… John Levine
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Andrew McConachie
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Philip Homburg
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Petr Špaček
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Philip Homburg
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Jim Reid
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… S Moonesamy
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Kim Davies
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Dave Lawrence
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Michael De Roover
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Joe Abley
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Philip Homburg
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Peter Thomassen
- [DNSOP] Re: DNSOP[Ext] Re: Call for Adoption: dra… Wes Hardaker
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Ted Lemon
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Ted Lemon
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Ted Lemon
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Roy Arends
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… David Conrad
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Philip Homburg
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Ben Schwartz
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Roy Arends
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Roy Arends
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… John Levine
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Michael De Roover
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Ben Schwartz
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Paul Hoffman
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Petr Špaček
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Philip Homburg
- [DNSOP] Re: [EXTERNAL] Re: [Ext] Re: Call for Ado… Suzanne Woolf
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… David Conrad
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Philip Homburg
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Ted Lemon
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Suzanne Woolf
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Joe Abley
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Philip Homburg
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Andrew McConachie
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Mark Andrews
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Andrew McConachie
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Mark Andrews
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Peter Thomassen
- [DNSOP] Re: DNSOPCall for Adoption: draft-davies-… Wes Hardaker
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Ted Lemon
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Warren Kumari
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Michael De Roover
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Joe Abley
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… David Conrad
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… David Conrad
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Jim Reid
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Petr Špaček
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Joe Abley
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… David Conrad
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Philip Homburg
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… Karl Dyson
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Michael De Roover
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… John Levine
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Joe Abley
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Wessels, Duane
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Philip Homburg
- [DNSOP] Re: DNSOP[Ext] Re: Call for Adoption: dra… John R Levine
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Kevin P. Fleming
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Philip Homburg
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Ted Lemon
- [DNSOP] Re: what problem are we trying to solve, … John Levine
- [DNSOP] Re: [Ext] Re: what problem are we trying … Paul Hoffman
- [DNSOP] Re: [EXTERNAL] Re: Call for Adoption: dra… John R Levine
- [DNSOP] Re: [EXTERNAL] Re: [Ext] Re: Call for Ado… Paul Hoffman
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Libor Peltan
- [DNSOP] Re: [Ext] Re: what problem are we trying … Mark Andrews
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Ted Lemon
- [DNSOP] Re: [Ext] Re: what problem are we trying … Ted Lemon
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Geoff Huston
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… John Levine
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Shumon Huque
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Mark Andrews
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Michael De Roover
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Ted Lemon
- [DNSOP] Re: Call for Adoption: draft-davies-inter… John Levine
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… John Levine
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… John Levine
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Andrew Sullivan
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Peter Thomassen
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Michael De Roover
- [DNSOP] Re: what problem are we trying to solve, … John R Levine
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Philip Homburg
- [DNSOP] Re: Call for Adoption: draft-davies-inter… John R Levine
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Michael De Roover
- [DNSOP] Re: what problem are we trying to solve, … Ted Lemon
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Philip Homburg
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: Call for Adoption: draft-davies-inter… John R Levine
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Ted Lemon
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Michael De Roover
- [DNSOP] Re: what problem are we trying to solve, … Philip Homburg
- [DNSOP] Re: [Ext] Re: what problem are we trying … Paul Hoffman
- [DNSOP] Re: Call for Adoption: draft-davies-inter… Benno Overeinder
- [DNSOP] Re: [Ext] Re: what problem are we trying … Petr Špaček
- [DNSOP] Re: [Ext] Re: what problem are we trying … Ted Lemon
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Mark Andrews
- [DNSOP] Re: [Ext] Re: what problem are we trying … Ted Lemon
- [DNSOP] Re: [Ext] Re: what problem are we trying … John Levine
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Jim Reid
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: [Ext] Re: what problem are we trying … Joe Abley
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Mark Andrews
- [DNSOP] Re: [Ext] Re: what problem are we trying … Ted Lemon
- [DNSOP] Re: [Ext] Re: what problem are we trying … Petr Špaček
- [DNSOP] Re: [Ext] Re: what problem are we trying … John Levine
- [DNSOP] Re: [Ext] Re: what problem are we trying … Mark Andrews
- [DNSOP] Re: [Ext] Re: what problem are we trying … John R Levine
- [DNSOP] Re: [Ext] Re: what problem are we trying … Mark Andrews
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Ben Schwartz
- [DNSOP] Re: [Ext] Re: what problem are we trying … Benno Overeinder
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Paul Hoffman
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Philip Homburg
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Philip Homburg
- [DNSOP] Re: [Ext] Re: what problem are we trying … Brian Dickson
- [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Ado… Petr Špaček
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Joe Abley
- [DNSOP] Re: [Ext] Re: Call for Adoption: draft-da… Ted Lemon