Re: [DNSOP] Questions on draft-ietf-dnsop-private-use-tld-01.txt

Andrew McConachie <andrew@depht.com> Mon, 19 April 2021 14:18 UTC

From: Andrew McConachie <andrew@depht.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: DNSOP Working Group <dnsop@ietf.org>
Date: Mon, 19 Apr 2021 16:17:52 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EEJtjKDVKKEQIOGlyFeve3BJGXY>


On 16 Apr 2021, at 17:18, Paul Hoffman wrote:

> On Apr 16, 2021, at 5:31 AM, Andrew McConachie <andrew@depht.com> 
> wrote:
>
>> If I understand section 4.3 correctly, DNSSEC validating stub 
>> resolvers SHOULD NOT resolve these names. Is that the intention of 
>> Section 4.3?
>
> No, definitely not. The text says:
>    3.  Name resolution APIs and libraries SHOULD NOT recognise these
>        names as special and SHOULD NOT treat them differently.  Name
>        resolution APIs SHOULD send queries for these names to their
>        configured caching DNS server(s).
> Not recognizing them as special means to treat them like any other 
> name. There is no mention of DNSSEC.
>

I realize now my question was unclear. My understanding is that a DNSSEC 
validating stub SHOULD attempt to validate these names, which will fail. 
Therefore a DNSSEC validating stub cannot use these names.

Thanks,
Andrew