[DNSOP] Re: [Ext] Re: what problem are we trying to solve, was Call for Adoption: draft-davies-internal-tld

John Levine <johnl@taugh.com> Tue, 17 June 2025 15:56 UTC

From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <5ed468ec-f2c5-4cac-bea3-36a8da3a5931@isc.org>
Organization: Taughannock Networks
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/JRUs9f6lpKw_8GFJrUC8GA2shik>

It appears that Petr Špaček <pspacek@isc.org> said:
>This is provably incorrect. 10.in-addr.arpa is an insecure delegation
>with network-dependent content, and it works for decades. ...

I dunno about you, but on all the systems I use the local cache substitutes
a stub for 10.in-addr.arpa so it doesn't matter what the global DNS says.

We seem to have a fairly basic religious difference of opinion here. Some of us
believe that adding an opt-out in the root will make all DNSSEC validators
work, or if not all, enough to declare the problem solved. Others of us observe
that our DNS software already has special cases for locally served zones,
they do not depend on what's in the global DNS, and we believe that putting
something in the global DNS for .INTERNAL will be confusing and won't solve real
problems.

I don't see any way to reconcile those.

R's,
John
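
Added example, not part of the original message and not code from any resolver: a sketch of how a cache can decide that a query falls inside a locally served zone, so the answer never depends on the delegation or DNSSEC status in the global DNS. The zone list is a subset of the RFC 6303 locally served zones, `internal.` is a hypothetical operator-added entry, and the function names are assumptions.

```python
# Added illustration. Zone list: subset of RFC 6303 locally served zones,
# plus "internal." as a hypothetical local addition by the operator.
LOCALLY_SERVED = (
    "10.in-addr.arpa.",
    "16.172.in-addr.arpa.",
    "168.192.in-addr.arpa.",
    "254.169.in-addr.arpa.",
    "internal.",
)

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def match_local_zone(qname, zones=LOCALLY_SERVED):
    """Return the longest locally served zone enclosing qname, or None.

    Comparison is label by label: a plain string suffix test would wrongly
    put 110.in-addr.arpa inside 10.in-addr.arpa.
    """
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best

def answer_source(qname, zones=LOCALLY_SERVED):
    """Say where the answer comes from: the local stub zone or upstream.

    For a locally served name the resolver answers from its own stub zone,
    so the global delegation and its signing state are never consulted.
    """
    zone = match_local_zone(qname, zones)
    return ("local-stub", zone) if zone else ("global-dns", None)

if __name__ == "__main__":
    # Constructed sample queries.
    for name in ("5.4.3.10.in-addr.arpa", "4.3.2.110.in-addr.arpa.",
                 "printer.corp.INTERNAL", "www.example.com"):
        print(name, "->", answer_source(name))
```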