Re: [DNSOP] New draft on delegation revalidation

Shumon Huque <shuque@gmail.com> Wed, 13 May 2020 15:31 UTC

From: Shumon Huque <shuque@gmail.com>
Date: Wed, 13 May 2020 11:31:34 -0400
To: "Giovane C. M. Moura" <giovane.moura=40sidn.nl@dmarc.ietf.org>
Cc: IETF DNSOP WG <DNSOP@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/n3Vmx1NuQZfESBvSNdPcCUVKMuo>

On Mon, May 11, 2020 at 9:00 AM Giovane C. M. Moura <giovane.moura=40sidn.nl@dmarc.ietf.org> wrote:

>
> >>  Do you plan to maintain the parent/child disjoint NS
> >> domain (marigliano.xyz) going forward? And what about the test
> >> domains for other types of misconfigurations?
> >
> > Great idea. Let me look into this, will get back to you with that.
>
>
> Done. Check http://superdns.nl :)
>
> Marco and I (mostly Marco, I've got to say) set up this website and all the
> delegations/records that replicate the setup of the paper.
>

Thanks Giovane (and Marco)!

Looks pretty good at first glance.

A few tangential questions though:

The HTTPS site goes to a different and mostly empty page - and
Chrome doesn't like the certificate because it has a wildcard Subject
CN. Are you planning to fix that?

I know DNSSEC is likely not the focus of your experiment, but the
zones do seem to be signed - but with algorithm 16 (Ed448), which
not a lot of resolvers or debugging tools support yet. Any reason you
didn't choose a more widely supported algorithm?

> We did under a diff domain for sake of simplicity for us and differently
> from the paper, we create 4 delegations, each one corresponding to one
> of the scenarios (in the paper we change the NS configurations in
> between experiments, we want a static setup here for folks to test).
>
> Hope it helps and if you need any help, let me know.
>
> /giovane
>
> ps: Raffaele, the first author of our paper, will present the study on
> RIPE80 on Tuesday's plenary:
> https://ripe80.ripe.net/programme/meeting-plan/plenary/#tue4 , in case
> you want to check it out
>

Thanks for the pointer. I missed it, but will try to view the recording
soon.

Shumon.