Re: [DNSOP] New Version Notification for draft-pwouters-powerbind-00.txt (fwd)

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 20 March 2018 11:29 UTC

Date: Tue, 20 Mar 2018 11:26:53 +0000
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: dnsop@ietf.org
Message-ID: <20180320112653.GA10054@laperouse.bortzmeyer.org>
References: <alpine.LRH.2.21.1803190813150.31565@bofh.nohats.ca> <20180319163434.GA25738@laperouse.bortzmeyer.org> <CA+nkc8CWtXOiXCVQf4iyJwBS1K4seLxsJmtZyRyz7yuCn+u8hQ@mail.gmail.com> <20180319194945.GG3322@mournblade.imrryr.org>
In-Reply-To: <20180319194945.GG3322@mournblade.imrryr.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/m7t-BaI_Ua5qLT1GWhk49VMcOZ8>

On Mon, Mar 19, 2018 at 07:49:45PM +0000,
 Viktor Dukhovni <ietf-dane@dukhovni.org> wrote 
 a message of 30 lines which said:

> The 'delegation-only' flag does not *by itself* prevent parent
> domains from answering authoritatively for their child domains, but
> it could make "certificate-transparency" more tractable for DNSSEC.

I don't think that you replied to Bob's remark. He said that the
proposal is useless because it addresses only the case of "answering
authoritatively for their child domain", not the "directing child
domain to someplace".

> Without the proposed flag, one would also have to log denial of
> existence

There is no denial of existence in the attack explained by Bob.