Re: [DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-negative-trust-anchors-10: (with COMMENT)

ebersman-ietf@dragon.net (Paul Ebersman) Mon, 20 July 2015 14:32 UTC

To: Ben Campbell <ben@nostrum.com>
From: ebersman-ietf@dragon.net
In-reply-to: <20150708180834.1627.39049.idtracker@ietfa.amsl.com>
References: <20150708180834.1627.39049.idtracker@ietfa.amsl.com>
Comments: In-reply-to "Ben Campbell" <ben@nostrum.com> message dated "Wed, 08 Jul 2015 11:08:34 -0700."
Date: Mon, 20 Jul 2015 16:32:15 +0200
Message-Id: <20150720143215.F0A1F1FC06AC@fafnir.remote.dragon.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/V6USUwv6qA-FoJSCxPdK4ZGICco>
Cc: tjw.ietf@gmail.com, draft-ietf-dnsop-negative-trust-anchors.ad@ietf.org, dnsop-chairs@ietf.org, dnsop@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-dnsop-negative-trust-anchors.shepherd@ietf.org, draft-ietf-dnsop-negative-trust-anchors@ietf.org
Subject: Re: [DNSOP] Ben Campbell's No Objection on draft-ietf-dnsop-negative-trust-anchors-10: (with COMMENT)

Thanks for the comments and input.

bcampbell> Can an operator be reasonably expected to be able to confirm
bcampbell> that a domain is being operated by its rightful owner?

A fair amount of the time, yes. I run the DNS team for Comcast and we've
had pretty good luck getting to zone owners. Better than I'd expected,
to be honest.

bcampbell> This seems to favor erring on the side of keeping the NTA. I
bcampbell> think security would suggest erring on the side of removing
bcampbell> the NTA.

Operationally painful without a noticeable improvement in
security. Checking that the FQDN now validates would be done the same
way it was done initially, so we should have the same confidence level
that an NTA is still or is now not necessary.
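The re-check described above (query a validating resolver normally and again with the CD bit, as one would before installing the NTA) as an added example; this is not code from the message, the draft, or Comcast, and the `dig`-style outputs it parses are constructed samples.

```python
"""Decide whether a Negative Trust Anchor (NTA) is still needed for a name.

Inputs are the text of `dig +dnssec <name>` and `dig +dnssec +cd <name>` sent
to a validating resolver that does NOT have the NTA installed (with the NTA
in place the zone is treated as insecure and the AD flag never appears).
  - normal NOERROR with the ad flag  -> zone validates again, remove the NTA
  - normal SERVFAIL, CD query works  -> DNSSEC failure persists, keep the NTA
  - both queries fail                -> not a DNSSEC problem, an NTA cannot help
"""
import re

HEADER_RE = re.compile(r";; ->>HEADER<<- opcode: \w+, status: (\w+), id: \d+")
FLAGS_RE = re.compile(r";; flags: ([a-z ]*);")


def parse_dig(output: str) -> tuple[str, set[str]]:
    """Return (rcode, set of header flags) from dig's header section."""
    m = HEADER_RE.search(output)
    if not m:
        raise ValueError("no dig header section found")
    fm = FLAGS_RE.search(output)
    flags = set(fm.group(1).split()) if fm else set()
    return m.group(1), flags


def nta_decision(normal_output: str, cd_output: str) -> str:
    rcode, flags = parse_dig(normal_output)
    cd_rcode, _ = parse_dig(cd_output)
    if rcode == "NOERROR" and "ad" in flags:
        return "remove"        # validated answer: the NTA is no longer needed
    if rcode == "SERVFAIL" and cd_rcode in ("NOERROR", "NXDOMAIN"):
        return "keep"          # only validation fails: the NTA is still needed
    if rcode == "NOERROR":
        return "unvalidated"   # answered without ad: resolver/zone not validating
    return "not-dnssec"        # fails even with CD set: outage is not a DNSSEC issue


# Constructed sample outputs (header lines only; the rest of dig's output is irrelevant here)
NORMAL_BOGUS = (";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12345\n"
                ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n")
CD_OK = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12346\n"
         ";; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1\n")
NORMAL_VALID = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12347\n"
                ";; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1\n")

if __name__ == "__main__":
    print("bogus, CD works:", nta_decision(NORMAL_BOGUS, CD_OK))
    print("validates:     ", nta_decision(NORMAL_VALID, CD_OK))
    print("down entirely: ", nta_decision(NORMAL_BOGUS, NORMAL_BOGUS))
```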