Re: [DNSOP] Call for Adoption: draft-pwouters-powerbind

Bob Harold <rharolde@umich.edu> Fri, 01 May 2020 18:02 UTC

To: John Levine <johnl@taugh.com>
Cc: IETF DNSOP WG <dnsop@ietf.org>, Wes Hardaker <wjhns1@hardakers.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/P4BLAFHm0H9sAKgobLAPRecmkNk>

On Thu, Apr 30, 2020 at 9:44 PM John Levine <johnl@taugh.com> wrote:

> In article <yblr1w438fb.fsf@w7.hardakers.net> you write:
> >Yep, I suspect some of the bigger TLDs probably couldn't opt in to this
> >draft simply because they're full of, um, "history".  Until that history
> >is cleaned, they probably couldn't deploy it.
>
> It's not just history.  All of the nominet TLDs and many Verisign TLDs
> have signed A records that are clearly deliberate.  There's also a fair
> number of TXT records named zz--zz.<domain> that have some sort of info
> about when the zone was updated.
>
> I think it's benign to allow any sort of record as an immediate child
> of the domain, since you need to go two levels down for split zones.
> That handles the nominet and zz--zz cases.
>
> R's,
> John
>
>
Is there any chance that a user trying to reach https://example.com could
get the orphan glue A record for example.com instead of the A record in the
real zone?
(Just trying to think of cases where orphan glue might make a difference.)

-- 
Bob Harold