Re: [DNSOP] Mitigation of name collisions

"John R Levine" <johnl@taugh.com> Mon, 03 October 2016 23:35 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BC8D1294A0 for <dnsop@ietfa.amsl.com>; Mon, 3 Oct 2016 16:35:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=Hi0cAfH5; dkim=pass (1536-bit key) header.d=taugh.com header.b=MZ4w28MJ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CoMeYAEIeCtK for <dnsop@ietfa.amsl.com>; Mon, 3 Oct 2016 16:35:54 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE1CC129440 for <dnsop@ietf.org>; Mon, 3 Oct 2016 16:35:53 -0700 (PDT)
Received: (qmail 25332 invoked from network); 3 Oct 2016 23:35:50 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=62f2.57f2eb56.k1610; bh=zBM1jJHX6mEz3rYqgYIrn/EeNG5Abbor/zB8Fwrw8fI=; b=Hi0cAfH5kaME6ZZcDYnD4oiUQWb6ByBKzBBaYV9CrT3HfqGux0j+iHdMEWFFI8TdDhKf46OWATrAaOmxn0vUPSNNsT4v4uzwuWWmMVjuuTyVMzpEdwkOs7SlRrferTK9g36aDoaum5cDUZHYIWNcTau1XzU0wvSbf+CGH5lqaWdb0bnKIXMCgm+36Oc88FUJ0o+BkW26Ci9QUBuGvHJNosN4b/AKjfGTtiaf0z7i+hewv2SLAVA6CYkn8wwV/0xs
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=62f2.57f2eb56.k1610; bh=zBM1jJHX6mEz3rYqgYIrn/EeNG5Abbor/zB8Fwrw8fI=; b=MZ4w28MJH8x2xFr9LASHJTK7yvSSp1esjABJyw2Sj0y4JgNsiMdFEn49gZoOsk+Jfb20UM+paAc40GdjimAjsL2JtnQ1xcqrhg0VTdKh2Fl1M3ZQsqqVt/lZk4MResnu5FsATTUtlCTl/JYTlUDKcTB8RC2MRtaKQiTSrfhiRtJbHW8HWJQMGN0RSHVJDtfbF0gSea7futlv7Je0fr1BOm7u3AnLyQPjJrjQuDIPJ3ukukYsvNyoIq1XDtmQM3Wl
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 03 Oct 2016 23:35:50 -0000
Date: 3 Oct 2016 19:35:52 -0400
Message-ID: <alpine.OSX.2.11.1610031932470.28732@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: "Warren Kumari" <warren@kumari.net>
In-Reply-To: <CAHw9_i+HEtdjF30pfUeRnTmrx7YjcCiOmAnP_ogjds8kkYS0-w@mail.gmail.com>
References: <90CF5269-0443-45AB-83BA-BE9F9D03831A@vpnc.org> <CAHw9_i+NaU8RtC3sraO2ZwDKQSiYtmtFOYXPGV=5q0bwTdkOpA@mail.gmail.com> <alpine.OSX.2.11.1610031921000.28732@ary.qy> <CAHw9_i+HEtdjF30pfUeRnTmrx7YjcCiOmAnP_ogjds8kkYS0-w@mail.gmail.com>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dES_J9kNM7t-qeXSeL6rLHRkPQE>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Mitigation of name collisions
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 23:35:55 -0000

>> Gee, I'd think you of all people would be aware that there's more to the
>> Internet than the web.
>>
> ... Did you read the footnote?

Yup.  It sounds like a way to collect vast amounts of interesting 
information that companies had no idea they were leaking.  Not every 
connection comes from something with a user watching a screen.  I wonder 
how many ssh connections are live users rather than rsync cron joba.

I realize that you, Warren, are virtuous and would not do anything bad 
with all of the secrets people fling at your server, but given the reality 
of the TLD ecosystem, how confident are you that nobody else running 
such a server would?

R's,
John