Re: [DNSOP] additional special names Fwd: I-D Action: draft-chapin-additional-reserved-tlds-00.txt
Ralf Weber <dns@fl1ger.de> Wed, 29 January 2014 16:40 UTC
Return-Path: <dns@fl1ger.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62BC51A0356 for <dnsop@ietfa.amsl.com>; Wed, 29 Jan 2014 08:40:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.301
X-Spam-Level:
X-Spam-Status: No, score=-1.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_64=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORue9HjfmKTq for <dnsop@ietfa.amsl.com>; Wed, 29 Jan 2014 08:40:45 -0800 (PST)
Received: from nox.guxx.net (nox.guxx.net [78.46.109.173]) by ietfa.amsl.com (Postfix) with ESMTP id B61821A02F2 for <dnsop@ietf.org>; Wed, 29 Jan 2014 08:40:45 -0800 (PST)
Received: by nox.guxx.net (Postfix, from userid 65534) id 6F18BDB830B; Wed, 29 Jan 2014 17:40:42 +0100 (CET)
Received: from porcupinetree.ddns.nominum.com (PorcupineTree.ddns.nominum.com [64.89.225.138]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by nox.guxx.net (Postfix) with ESMTPSA id C595CDB811B; Wed, 29 Jan 2014 17:40:40 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Ralf Weber <dns@fl1ger.de>
In-Reply-To: <72A3E4AE-F116-4496-BADB-5973DEC46598@vpnc.org>
Date: Wed, 29 Jan 2014 08:40:38 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <C2A6625B-BEF7-41D6-B8BB-B870694CAFD9@fl1ger.de>
References: <20140129055438.2402.qmail@joyce.lan> <97E20887-2B9C-4EAD-826B-043306605F88@fl1ger.de> <72A3E4AE-F116-4496-BADB-5973DEC46598@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
X-Mailer: Apple Mail (2.1827)
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Subject: Re: [DNSOP] additional special names Fwd: I-D Action: draft-chapin-additional-reserved-tlds-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2014 16:40:47 -0000
Moin! On 29 Jan 2014, at 08:10, Paul Hoffman <paul.hoffman@vpnc.org> wrote: >> There is a huge, easily-identifiable difference between adding a token *before* the application process that started in 2012 and then later asking for a hold-back, and adding it *after*. > > All names in draft-chapin-additional-reserved-tlds were in widespread use before the application process. If someone wants to start using a new TLD now, they know where to go ask for it. That they where in use before the new GTLD process doesn't change the fact that they were not supposed to be asked on the global DNS namespace. >> I also don't think there are risks in delegation these other than >> the applicants will get lots of traffic. > > Others disagree. ICANN has documented many scenarios where there are security problems when what was earlier expected to either get local resolution or an NXDOMAIN starts getting real answers. By risks I meant risks to the Internet as a whole. There surely is a security problem when you answer with an A record where you before gave back NXDomain for the person doing that. But that hasn't stopped people deploying NXDomain redirections and again the real problem is that you are using something in the global name space that is not supposed to be there. There are other uses of DNS where giving out an record instead of NXDomain has security implications (NXR redirections, fat finger domains, searchlists) and none of them have been treated special here. Also there are IMHO currently other more pressing security issues with the Internet than people getting an A record back for router.home. So long -Ralf
- Re: [DNSOP] additional special names Fwd: I-D Act… John Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- [DNSOP] additional special names Fwd: I-D Action:… Suzanne Woolf
- Re: [DNSOP] additional special names Fwd: I-D Act… Stephane Bortzmeyer
- Re: [DNSOP] additional special names Fwd: I-D Act… Stuart Cheshire
- Re: [DNSOP] additional special names Fwd: I-D Act… George Michaelson
- Re: [DNSOP] additional special names Fwd: I-D Act… John Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… Jim Reid
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- Re: [DNSOP] additional special names Fwd: I-D Act… John R Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… Lyman Chapin
- Re: [DNSOP] additional special names Fwd: I-D Act… Stuart Cheshire
- Re: [DNSOP] additional special names Fwd: I-D Act… Stuart Cheshire
- Re: [DNSOP] additional special names Fwd: I-D Act… John Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- Re: [DNSOP] additional special names Fwd: I-D Act… Ralf Weber
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- Re: [DNSOP] additional special names Fwd: I-D Act… Ralf Weber
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Ralf Weber
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… Stephane Bortzmeyer
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… Andrew Sullivan
- Re: [DNSOP] additional special names Fwd: I-D Act… jonne.soininen
- Re: [DNSOP] additional special names Fwd: I-D Act… George Michaelson
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… George Michaelson
- Re: [DNSOP] additional special names Fwd: I-D Act… John Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… Andrew Sullivan
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… George Michaelson
- Re: [DNSOP] additional special names Fwd: I-D Act… Andrew Sullivan
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… jonne.soininen
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Vixie
- Re: [DNSOP] additional special names Fwd: I-D Act… Andrew Sullivan
- Re: [DNSOP] additional special names Fwd: I-D Act… John Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… Patrik Fältström
- Re: [DNSOP] additional special names Fwd: I-D Act… Jim Reid
- Re: [DNSOP] additional special names Fwd: I-D Act… Stephane Bortzmeyer
- Re: [DNSOP] additional special names Fwd: I-D Act… Stephane Bortzmeyer
- Re: [DNSOP] additional special names Fwd: I-D Act… Stephane Bortzmeyer
- Re: [DNSOP] additional special names Fwd: I-D Act… Andrew Sullivan
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Ferguson
- Re: [DNSOP] additional special names Fwd: I-D Act… Suzanne Woolf
- Re: [DNSOP] additional special names Fwd: I-D Act… John Levine
- Re: [DNSOP] possibly quite a lot of additional sp… John Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… joel jaeggli
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… Stuart Cheshire
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… Stuart Cheshire
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… David Conrad
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- Re: [DNSOP] additional special names Fwd: I-D Act… David Conrad
- Re: [DNSOP] additional special names Fwd: I-D Act… John Levine
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… Paul Hoffman
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- Re: [DNSOP] additional special names Fwd: I-D Act… David Conrad
- Re: [DNSOP] additional special names Fwd: I-D Act… Mark Andrews
- [DNSOP] DNSSEC, additional special names & draft-… Jim Reid
- Re: [DNSOP] DNSSEC, additional special names & dr… Mark Andrews
- Re: [DNSOP] DNSSEC, additional special names & dr… Jim Reid
- Re: [DNSOP] DNSSEC, additional special names & dr… Tony Finch
- Re: [DNSOP] DNSSEC, additional special names & dr… Tony Finch
- Re: [DNSOP] DNSSEC, additional special names & dr… Jim Reid
- Re: [DNSOP] DNSSEC, additional special names & dr… Tony Finch
- [DNSOP] admin note Re: additional special names F… Suzanne Woolf
- Re: [DNSOP] DNSSEC, additional special names & dr… John Levine
- Re: [DNSOP] DNSSEC, additional special names & dr… Joe Abley
- Re: [DNSOP] DNSSEC, additional special names & dr… John R Levine
- Re: [DNSOP] DNSSEC, additional special names & dr… Andrew Sullivan
- Re: [DNSOP] additional special names Fwd: I-D Act… Stephane Bortzmeyer
- Re: [DNSOP] additional special names Fwd: I-D Act… Stuart Cheshire
- Re: [DNSOP] additional special names Fwd: I-D Act… Warren Kumari
- Re: [DNSOP] additional special names Fwd: I-D Act… Norbert Bollow
- Re: [DNSOP] additional special names Fwd: I-D Act… joel jaeggli
- Re: [DNSOP] additional special names Fwd: I-D Act… Jelte Jansen
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… Tony Finch
- Re: [DNSOP] additional special names Fwd: I-D Act… Ted Lemon
- Re: [DNSOP] additional special names Fwd: I-D Act… Jelte Jansen
- Re: [DNSOP] additional special names Fwd: I-D Act… Andrew Sullivan
- Re: [DNSOP] additional special names Fwd: I-D Act… Olafur Gudmundsson
- Re: [DNSOP] additional special names Fwd: I-D Act… Jelte Jansen
- Re: [DNSOP] additional special names Fwd: I-D Act… Warren Kumari
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Warren Kumari
- Re: [DNSOP] additional special names Fwd: I-D Act… Warren Kumari
- Re: [DNSOP] additional special names Fwd: I-D Act… Joe Abley
- Re: [DNSOP] additional special names Fwd: I-D Act… Stephane Bortzmeyer
- Re: [DNSOP] additional special names Fwd: I-D Act… Warren Kumari
- Re: [DNSOP] additional special names Fwd: I-D Act… Tim Wicinsku
- Re: [DNSOP] additional special names Fwd: I-D Act… Suzanne Woolf