Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz
Vernon Schryver <vjs@rhyolite.com> Wed, 21 December 2016 18:29 UTC
Return-Path: <vjs@rhyolite.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 164621298BA for <dnsop@ietfa.amsl.com>; Wed, 21 Dec 2016 10:29:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.002
X-Spam-Level:
X-Spam-Status: No, score=-5.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jCIaDI0otjjB for <dnsop@ietfa.amsl.com>; Wed, 21 Dec 2016 10:29:37 -0800 (PST)
Received: from calcite.rhyolite.com (calcite.rhyolite.com [192.188.61.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB1CE127ABE for <dnsop@ietf.org>; Wed, 21 Dec 2016 10:29:37 -0800 (PST)
Received: from calcite.rhyolite.com (localhost [127.0.0.1]) by calcite.rhyolite.com (8.15.2/8.15.2) with ESMTPS id uBLITJA9085693 (CN=www.rhyolite.com version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <dnsop@ietf.org> env-from <vjs@rhyolite.com>; Wed, 21 Dec 2016 18:29:19 GMT
Received: (from vjs@localhost) by calcite.rhyolite.com (8.15.2/8.15.2/Submit) id uBLITI5B085692 for dnsop@ietf.org; Wed, 21 Dec 2016 18:29:18 GMT
Date: Wed, 21 Dec 2016 18:29:18 +0000
From: Vernon Schryver <vjs@rhyolite.com>
Message-Id: <201612211829.uBLITI5B085692@calcite.rhyolite.com>
To: dnsop@ietf.org
In-Reply-To: <6C982A3A-721C-4094-A04F-059698581321@fugue.com>
X-DCC-Rhyolite-Metrics: calcite.rhyolite.com; whitelist
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/d0VtXBJ-dmNB-kqa40ZUz_VALSo>
Subject: Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Dec 2016 18:29:39 -0000
> From: Ted Lemon <mellon@fugue.com> > It would be _nice_ if the browser, for example, could get some > kind of positive, signed assertion that some authority has claimed > that the domain in question is malicious (or whatever). As I wrote on Monday, the final paragraph of section 6 on page 18 of https://tools.ietf.org/html/draft-vixie-dns-rpz-04 says: If a policy rule matches and results in a modified answer, then that modified answer will include in its additional section the SOA RR of the policy zone whose rule was used to generate the modified answer. This SOA RR includes the name of the DNS RPZ and the serial number of the policy data which was connected to the DNS control plane when the answer was modified. It's not signed, but perhaps it could be with look-asside trust anchors, although an ever growing forest of DLVs doesn't sound good to me. Browsers and other interested applications would have to do more than gethostbyname() or a modern equivalent to see those SOAs. But if browsers ever do any DANE, they'll need to do more than gethostbyname(). (perhaps that "will include" should be "MUST include") Vernon Schryver vjs@rhyolite.com
- [DNSOP] DNSOP Call for Adoption draft-vixie-dns-r… tjw ietf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Suzanne Woolf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Jim Reid
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Allan Liska
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Tim Wicinski
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… bert hubert
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ralf Weber
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… bert hubert
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… bert hubert
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- [DNSOP] Role of informational RFCs Re: DNSOP Call… Suzanne Woolf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… sthaug
- Re: [DNSOP] Role of informational RFCs Re: DNSOP … Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… sthaug
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mark Andrews
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Robert Edmonds
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Nolan Berry
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Stephane Bortzmeyer
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Stephane Bortzmeyer
- Re: [DNSOP] Role of informational RFCs Re: DNSOP … Stephane Bortzmeyer
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ralf Weber
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Patrik Wallstrom
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… John Levine
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Donald Eastlake
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Scott Schmit
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… John Levine
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Richard Clayton
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Scott Schmit
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… John Levine
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… joel jaeggli
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mukund Sivaraman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Tony Finch
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Scott Schmit
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Avri Doria
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Philip Homburg
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… 神明達哉
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Philip Homburg
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ralf Weber
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Rich Kulawiec
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… tjw ietf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… joel jaeggli
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Andrew Sullivan
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Suzanne Woolf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mukund Sivaraman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Petr Špaček
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Melinda Shore
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Doug Barton
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mark Andrews
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver