Re: [DNSOP] [dbound] Related Domains By DNS (RDBD) Draft

David Conrad <drc@virtualized.org> Wed, 27 February 2019 17:23 UTC

From: David Conrad <drc@virtualized.org>
In-Reply-To: <f14544d37a774907a7cc76ab5bdb8b72@PACDCEX19.cable.comcast.com>
Date: Wed, 27 Feb 2019 18:23:22 +0100
Cc: Paul Wouters <paul@nohats.ca>, "art@ietf.org" <art@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dbound@ietf.org" <dbound@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-Id: <3E32ABA2-6E8E-4E92-A5FB-F194CFC62A5D@virtualized.org>
References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> <alpine.LRH.2.21.1902270920580.8896@bofh.nohats.ca> <f14544d37a774907a7cc76ab5bdb8b72@PACDCEX19.cable.comcast.com>
To: "Brotman, Alexander" <Alexander_Brotman@comcast.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BKotBJpWvLwSyf9FBVX1z3dh2BQ>
Subject: Re: [DNSOP] [dbound] Related Domains By DNS (RDBD) Draft

Alexander,

On Feb 27, 2019, at 4:32 PM, Brotman, Alexander <Alexander_Brotman@comcast.com> wrote:
> I'm supportive of doing this in other ways, but also understand that DNSSEC is not widely deployed.

There is a difference between not being deployed and not being turned on. My impression is that most DNS servers these days support DNSSEC; however, it has largely not been enabled. If you are going to be putting stuff into the DNS for security decisions, you need to protect that stuff and that means turning on DNSSEC.

Regards,
-drc
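
The consumer side of the point made in this message, as an added example that is not part of the original email or of the RDBD draft: a fail-closed gate that only lets DNS data feed a security decision when the response carries the AD (Authenticated Data) flag from a validating resolver reached over a trusted path. The function names, the `resolver_trusted` parameter and the header-only sample responses are assumptions constructed for illustration.

```python
import struct

QR, TC, AD, RCODE_MASK = 0x8000, 0x0200, 0x0020, 0x000F
TYPE_TXT, TYPE_OPT, CLASS_IN = 16, 41, 1

def build_query(qname, qtype=TYPE_TXT, qid=0x1234):
    """Query with RD and AD set, plus an EDNS0 OPT record with DO=1 so that
    DNSSEC records (RRSIG etc.) are returned and validation state is signalled."""
    header = struct.pack("!HHHHHH", qid, 0x0100 | AD, 1, 0, 0, 1)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split(".")) + b"\x00"
    question = labels + struct.pack("!HH", qtype, CLASS_IN)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size,
    # TTL=ext-rcode/version/flags (DO is the top bit of the low 16 bits), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0x00008000, 0)
    return header + question + opt

def usable_for_security_decision(response, qid, resolver_trusted):
    """Return (ok, reason). Any doubt means the data is not used (fail closed)."""
    if len(response) < 12:
        return (False, "short response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & QR:
        return (False, "not a response to our query")
    if flags & TC:
        return (False, "truncated; retry over TCP")
    if flags & RCODE_MASK:
        return (False, "rcode %d" % (flags & RCODE_MASK))
    if ancount == 0:
        return (False, "no answer records")
    if not flags & AD:
        return (False, "answer not DNSSEC-validated (zone unsigned or resolver not validating)")
    if not resolver_trusted:
        # The AD flag is only an assertion by the resolver; it means nothing
        # if the path to that resolver can be spoofed.
        return (False, "AD set but resolver path is untrusted")
    return (True, "validated")

def _sample_header(flags, ancount, qid=0x1234):
    # Constructed header-only responses; a real response also carries the records.
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 1)

SAMPLE_VALIDATED = _sample_header(0x8180 | AD, 1)    # QR RD RA AD, NOERROR
SAMPLE_UNVALIDATED = _sample_header(0x8180, 1)       # same answer, AD clear
SAMPLE_BOGUS = _sample_header(0x8180 | 2, 0)         # SERVFAIL from a validator

if __name__ == "__main__":
    for name, resp in [("validated", SAMPLE_VALIDATED),
                       ("unvalidated", SAMPLE_UNVALIDATED),
                       ("servfail", SAMPLE_BOGUS)]:
        print(name, usable_for_security_decision(resp, 0x1234, True))
```
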