Re: [DNSOP] Mitigation of name collisions

Danny McPherson <danny@tcb.net> Mon, 03 October 2016 23:41 UTC

To: John R Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/W6jUhwUtEiMiVPqx_qu2jn2ayIk>
Cc: dnsop@ietf.org

> 
> I realize that you, Warren, are virtuous and would not do anything bad with all of the secrets people fling at your server, but given the reality of the TLD ecosystem, how confident are you that nobody else running such a server would?

Precisely why they ought to be notified of their vulnerability as soon as possible if the capability exists, no?  This was certainly the crux of the WPAD issue, for example.

-danny 


> 
> R's,
> John