Re: [DNSOP] New draft on delegation revalidation

Shumon Huque <shuque@gmail.com> Sat, 11 April 2020 17:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CrujMZSh_FrH9qR1dl-psSiwEv0>

On Sat, Apr 11, 2020 at 12:38 PM Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:

> On Sat, Apr 11, 2020 at 09:22:42AM -0400,
>  Shumon Huque <shuque@gmail.com> wrote
>  a message of 138 lines which said:
>
> > I've heard proposals in the past that TLDs should routinely scan all
> > their delegations to identify such problems, but I gather this is a
> > challenging requirement to impose on them for various reasons.
>
> Also, delegation is not only done by TLDs. The problem, already huge
> with only the TLDs, would be even worse with all the delegating
> domains.
>

Sure. Brian was asking specifically about the TLD case, so my
answer was in that context. For that space, I think one of the issues is:
even if they were willing to verify all the delegations, it isn't clear what
they are permitted to do about it, beyond notification to the registrants
(or so I've heard).

Shumon.