Re: [DNSOP] ALT-TLD and (insecure) delegations.

Andrew Sullivan <ajs@anvilwalrusden.com> Sat, 04 February 2017 02:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QKqLUOnSQNKQOqeHrq3x9yBysQk>

On Fri, Feb 03, 2017 at 08:58:43PM -0500, George Michaelson wrote:
> sorry to be thick, but.. can we have both on a case-by-case basis somehow?

Well, if the stub that is going to query in this namespace _knows_
that it's special, then it also knows not to validate it too.  So
that's not a problematic case, and the provable denial of existence
from the root isn't an issue.

So the only question is whether this has to work properly for any
random resolver doing normal operations -- is this like RFC 1918 for
the DNS?  If we want that (and for homenet, for instance, that's
basically the use case) then we have a problem.  But if we don't think
that's necessary -- and I'm not sure it is -- then we don't have to
care about this.

A
-- 
Andrew Sullivan
ajs@anvilwalrusden.com