IETF Logo Mail Archive

Re: [DNSOP] [Ext] Re: Comments on draft-wessels-dns-zone-digest-02

"John Levine" <johnl@taugh.com> Fri, 10 August 2018 22:06 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA526124BE5 for <dnsop@ietfa.amsl.com>; Fri, 10 Aug 2018 15:06:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lwAKPFtH-0cY for <dnsop@ietfa.amsl.com>; Fri, 10 Aug 2018 15:06:08 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 263C712426A for <dnsop@ietf.org>; Fri, 10 Aug 2018 15:06:08 -0700 (PDT)
Received: (qmail 11501 invoked from network); 10 Aug 2018 22:06:06 -0000
Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 10 Aug 2018 22:06:06 -0000
Received: by ary.local (Postfix, from userid 501) id B1ADA200364E76; Fri, 10 Aug 2018 18:06:05 -0400 (EDT)
Date: Fri, 10 Aug 2018 18:06:05 -0400
Message-Id: <20180810220605.B1ADA200364E76@ary.local>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Cc: edward.lewis@icann.org
In-Reply-To: <2204181E-9433-4B93-B240-92FF754A2468@icann.org>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/d4WDEV43SPT6eX37v2TvPlvMLpQ>
Subject: Re: [DNSOP] [Ext] Re: Comments on draft-wessels-dns-zone-digest-02
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2018 22:06:10 -0000

In article <2204181E-9433-4B93-B240-92FF754A2468@icann.org> you write:
>How realistic is it that a forged zone could defeat all of the channel security for a zone?  How likely would it be for
>someone to load a false zone on all the places a recursive server would look for it?  Answering that would be a crucial step
>in deciding whether to add a zone hash mechanism.

Since the obvious use case for this is to enable zone distribution
over insecure channels, such as FTP or bittorrent, I'd say it's
completely realistic.

R's,
John

v2.23.0 | Report a Bug | By Email