Re: [DNSOP] RDBD (Related Domains By DNS)

Ben Schwartz <bemasc@google.com> Tue, 03 March 2020 22:38 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Tue, 03 Mar 2020 17:38:01 -0500
Message-ID: <CAHbrMsBa0rmhP9=qq_g9dBjiui84A7XqW1eC=18EENoOnKTuxg@mail.gmail.com>
To: "Brotman, Alex" <Alex_Brotman@comcast.com>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/aFdiujOKfMJtw2TSSHhjfOCmQmA>
Subject: Re: [DNSOP] RDBD (Related Domains By DNS)

Thanks for the draft.  I haven't been following this, and I found it
interesting.

I would appreciate more fully worked use cases to explain the motivation.
What is the use in correlating different domains?  How would one use this
to prevent "cousin" attacks?

On Tue, Mar 3, 2020 at 2:12 PM Brotman, Alex <Alex_Brotman@comcast.com>
wrote:

> Hello,
>
> A while ago, Stephen and I had sent out a few versions of this, and we had
> some discussions and revisions were made.  At the time, discussion waned,
> however I wanted to pick this up again before the onset of IETF107.
>
> https://datatracker.ietf.org/doc/draft-brotman-rdbd/
>
> I've had some folks contact me privately, and I saw an inquiry on another
> list.  There does seem to be some interest, at least in the anti-abuse and
> research communities, of making this a functional proposition.
>
> To recap, the rough idea is that implementers would be able to positively
> or negatively confirm relationships between domains.  In the world of
> anti-abuse and research, these links are not always obvious.  For example,
> in a large corporation, some teams may go outside acceptable practice and
> register a domain through another provider.  Or it may be that you have
> international branches that operate on a different TLD, but you may not
> have registered with all TLDs.  In the latter case, being able to both
> positively and negatively state a relationship could be useful for
> anti-spam/phishing.
>
> Any questions or comments would be greatly appreciated.  Thank you.
>
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast