Re: [DNSOP] DNS privacy and AS 112: the case of home.arpa

Joe Abley <jabley@hopcount.ca> Wed, 13 December 2017 21:46 UTC

From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <1B37BBA1-D141-441A-855E-1ACFF2DC15BD@fugue.com>
Date: Wed, 13 Dec 2017 16:46:00 -0500
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, dnsop@ietf.org, Paul Vixie <paul@redbarn.org>
Message-Id: <EC253232-3713-426E-9300-20AE38C8BE4F@hopcount.ca>
References: <20171211090051.qjoruin7nkdjsnvd@nic.fr> <5A2E4B7C.50509@redbarn.org> <20171211091800.wonjnvhl3xrx6r4s@nic.fr> <118C37A8-0DEF-460B-8A79-AAE470D3CED8@hopcount.ca> <1B37BBA1-D141-441A-855E-1ACFF2DC15BD@fugue.com>
To: Ted Lemon <mellon@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/b0wyKu2x5K-g_fEQsFDUXxRLv0E>

On 11 Dec 2017, at 19:50, Ted Lemon <mellon@fugue.com> wrote:

> On Dec 11, 2017, at 11:17 AM, Joe Abley <jabley@hopcount.ca> wrote:
>> Note though that the homenet document specifically requests a delegation.
> 
> Please do not read more into the document than was intended. What Mark is saying looks to me like an accurate representation of what we intended. The goal is simply for it to be the case that there is not an unsigned delegation for home.arpa, which means that it has to point _somewhere_. I am a bit frustrated to hear that this is turning into a substantial amount of effort. It should be extremely simple. There is no wrong answer for what the delegation looks like other than "signed."

So it's fine if the delegation is secure (which is, I presume, what you mean by signed) but lame?

The document actually specifies quite clearly that the delegation "MUST NOT include a DS record", which seems to be different from what you are saying. It also specifies that the delegation "MUST point to one or more black hole servers", which is pretty vague language following a MUST.

I appreciate that the intention of homenet may well have been clear, but the text in section 7 is definitely not clear. I think actually it would have been reasonable for IANA to send it back as ambiguous before it got to the RFC Editor queue.


Joe
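The distinction drawn above between a secure delegation (DS at the parent) and a lame one (NS targets that do not answer for the zone), together with the two section 7 MUSTs quoted in the message, as an added Python example that is not part of the original post: the parent-zone fragment, the table of which servers answer authoritatively, and the black hole server names are constructed or assumed here, not taken from the thread.

```python
# Constructed parent-zone fragment: the .arpa side of the home.arpa delegation.
PARENT_RECORDS = """
home.arpa.  IN  NS  blackhole-1.iana.org.
home.arpa.  IN  NS  blackhole-2.iana.org.
"""
# Assumed AS112 black hole server names used as the reference set.
BLACKHOLE_SERVERS = {"blackhole-1.iana.org.", "blackhole-2.iana.org."}
# Constructed stand-in for probing each delegated server: the zones it answers
# authoritatively (AA=1) for. An NS target that does not is what makes a
# delegation lame; it says nothing about whether the delegation is signed.
AUTHORITATIVE_FOR = {
    "blackhole-1.iana.org.": {"home.arpa."},
    "blackhole-2.iana.org.": {"home.arpa."},
}

def parse_records(text):
    """Parse 'owner IN TYPE rdata' lines into lower-cased (owner, type, rdata)."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1].upper() != "IN":
            continue  # blank or malformed line
        records.append((parts[0].lower(), parts[2].upper(), " ".join(parts[3:]).lower()))
    return records

def classify_delegation(zone, records, authoritative_for):
    """secure/insecure depends only on DS at the parent; lame/served depends
    only on whether some NS target answers for the zone, so 'secure, lame'
    is a real state."""
    ns = [r for o, t, r in records if o == zone and t == "NS"]
    ds = [r for o, t, r in records if o == zone and t == "DS"]
    if not ns:
        return "no delegation"
    security = "secure" if ds else "insecure"
    served = any(zone in authoritative_for.get(target, set()) for target in ns)
    return f"{security}, {'served' if served else 'lame'}"

def check_home_arpa_section7(records, blackhole):
    """Violations of the two MUSTs quoted in the thread: no DS record, and
    NS records that point only at black hole servers."""
    zone, problems = "home.arpa.", []
    ns = [r for o, t, r in records if o == zone and t == "NS"]
    if any(o == zone and t == "DS" for o, t, _ in records):
        problems.append("delegation includes a DS record")
    if not ns:
        problems.append("no NS records for home.arpa")
    problems += [f"NS {t} is not a black hole server" for t in ns if t not in blackhole]
    return problems
```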