Re: [DNSOP] RDBD (Related Domains By DNS)
"Ivanov, Pavel" <Pavel.Ivanov@team.neustar> Tue, 03 March 2020 22:00 UTC
Return-Path: <prvs=4331ba5331=pavel.ivanov@team.neustar>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C7A03A0AB5 for <dnsop@ietfa.amsl.com>; Tue, 3 Mar 2020 14:00:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_MIME_MALF=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=team.neustar
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qIGt1p6at7sn for <dnsop@ietfa.amsl.com>; Tue, 3 Mar 2020 14:00:17 -0800 (PST)
Received: from mx0b-0018ba01.pphosted.com (mx0a-0018ba01.pphosted.com [67.231.149.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D24963A0AB3 for <dnsop@ietf.org>; Tue, 3 Mar 2020 14:00:17 -0800 (PST)
Received: from pps.filterd (m0078666.ppops.net [127.0.0.1]) by mx0a-0018ba01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 023Lrn7j001735 for <dnsop@ietf.org>; Tue, 3 Mar 2020 17:00:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=team.neustar; h=from : to : subject : date : message-id : content-type : mime-version; s=team-neustar; bh=D9NTycnpGpgFbnX4waoaQqtABVL2sSJiszqc6c170cQ=; b=x+i24yCzp37D5mekK9agNXDLr3DnLkPfQoFGfLVwUdlyKZsiFdIqCLZnqr8cSWUv4/M6 7lRzvJkUT/TbPhjV425tfypLNrpBKtS+RqN9QEDIL8Vj9IaxkvhLlNuwvVgrnXeNAhup h1baxRK9u+Er6D5voDw5se1JJIUXMFSzYAFclFncVEqsI/lAd1K+Me+8AJKmQ+nG+d1C JxlF/gXUHdm74gHN33ndgtwHNyxAyP7OPrhFiyyyRR2F3L+VcbfDsI1oV+bRwz7NGqYN evyqoDtLaRAEWdysWTQslueriKzCxt1YmJH9Nbcc288rjLYp3bJWkgDOI26U+CNYAuii AQ==
Received: from stntexhc10.cis.neustar.com ([156.154.17.216]) by mx0a-0018ba01.pphosted.com with ESMTP id 2yfmy0d1tp-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <dnsop@ietf.org>; Tue, 03 Mar 2020 17:00:17 -0500
Received: from STNTEXMB101.cis.neustar.com ([fe80::1cf4:b524:6eb3:ff1e]) by stntexhc10.cis.neustar.com ([10.31.58.69]) with mapi id 14.03.0439.000; Tue, 3 Mar 2020 17:00:16 -0500
From: "Ivanov, Pavel" <Pavel.Ivanov@team.neustar>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [DNSOP] RDBD (Related Domains By DNS)
Thread-Index: AQHV8acec0fSX+MVFUWiFvic0C68aQ==
Date: Tue, 03 Mar 2020 22:00:15 +0000
Message-ID: <A0F29B9F-81A8-46D4-B1C3-DF6EF24303D2@Team.neustar>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.96.22.77]
Content-Type: multipart/alternative; boundary="_000_A0F29B9F81A846D4B1C3DF6EF24303D2Teamneustar_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-03-03_07:2020-03-03, 2020-03-03 signatures=0
X-Proofpoint-Spam-Reason: orgsafe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/WH2gUKoR1DgNLQP6Y8o17uozHNM>
Subject: Re: [DNSOP] RDBD (Related Domains By DNS)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Mar 2020 22:00:20 -0000
It does seem that domain relationship management would be a useful capability, especially as it relates to phishing or other spoofing attacks.
SS 5.2 DNSSEC (and elsewhere) indicates that signatures are NOT required. This section, however, seems to give a good reason that maybe they SHOULD be required, or at minimum strongly encouraged, and that bidirectional relationship agreement MUST exist (signed or unsigned) to be valid.
Granted, the Introduction specifically states that “[i]t is not a goal of this specification to provide a high-level of assurance as to whether or not two domains are definitely related…”, but why would anyone read/consider/trust unsigned relationships (except maybe a quick turn research thing)? Using “SHOULD”, rather than leaving it open, seems to make this much more valuable. That said, however, I will defer to those better informed and engaged.
The following minor (typos, misspelling, etc.) items were found:
* SS 1.2. Relating-domain --> "declarating" should be replaced, probably with “declaring”
* SS 5.1 Efficiacy of signatures --> “Efficiacy” should be replaced, probably with “Efficacy”
Pavel Ivanov
Neustar UltraDNS Developer
Message: 3
Date: Tue, 3 Mar 2020 19:11:32 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: [DNSOP] RDBD (Related Domains By DNS)
Message-ID:
<SN6PR11MB263815A3157874070BE86908F7E40@SN6PR11MB2638.namprd11.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"
Hello,
A while ago, Stephen and I had sent out a few versions of this, and we had some discussions and revisions were made. At the time, discussion waned, however I wanted to pick this up again before the onset of IETF107.
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-brotman-rdbd/__;!!N14HnBHF!pkAt3oSFWKc3AJCnGWWSFQGM-bOsfa9K5ma5B5pV4CxsrfhrbANbUxxEVse1f8WaJsvx2EY$
I've had some folks contact me privately, and I saw an inquiry on another list. There does seem to be some interest, at least in the anti-abuse and research communities, of making this a functional proposition.
To recap, the rough idea is that implementers would be able to positively or negatively confirm relationships between domains. In the world of anti-abuse and research, these links are not always obvious. For example, in a large corporation, some teams may go outside acceptable practice and register a domain through another provider. Or it may be that you have international branches that operate on a different TLD, but you may not have registered with all TLDs. In the latter case, being able to both positively and negatively state a relationship could be useful for anti-spam/phishing.
Any questions or comments would be greatly appreciated. Thank you.
--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
- [DNSOP] RDBD (Related Domains By DNS) Brotman, Alex
- Re: [DNSOP] RDBD (Related Domains By DNS) Ivanov, Pavel
- Re: [DNSOP] RDBD (Related Domains By DNS) Ben Schwartz
- Re: [DNSOP] [EXTERNAL] Re: RDBD (Related Domains … Brotman, Alex
- Re: [DNSOP] [EXTERNAL] Re: RDBD (Related Domains … Ben Schwartz
- Re: [DNSOP] [EXTERNAL] Re: RDBD (Related Domains … Stephen Farrell
- Re: [DNSOP] [EXTERNAL] Re: RDBD (Related Domains … Brotman, Alex
- Re: [DNSOP] RDBD (Related Domains By DNS) Martin Thomson