Re: [DNSOP] .arpa

Matthew Pounsett <matt@conundrum.com> Thu, 23 March 2017 19:38 UTC

Return-Path: <matt@conundrum.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1F0D13164C for <dnsop@ietfa.amsl.com>; Thu, 23 Mar 2017 12:38:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=conundrum-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3tXm3Iy3MOAP for <dnsop@ietfa.amsl.com>; Thu, 23 Mar 2017 12:38:41 -0700 (PDT)
Received: from mail-ua0-x22f.google.com (mail-ua0-x22f.google.com [IPv6:2607:f8b0:400c:c08::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45D80131648 for <dnsop@ietf.org>; Thu, 23 Mar 2017 12:38:40 -0700 (PDT)
Received: by mail-ua0-x22f.google.com with SMTP id u30so100883586uau.0 for <dnsop@ietf.org>; Thu, 23 Mar 2017 12:38:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=conundrum-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ivaReOlW5ixThpc0BdMz9y5/5Xq8b98rdwN98QkLrdI=; b=Kx1bc2egxGyGVxh3KSqnc1LSsbUgtlmU/u67uNHVVU50UFiNJOOLB8KFoo4uduO2gW VLgQmmrBUcpK6PoA7prCh/T8XwZu2wygEEOVTVlp6W4O54irLhqgY1U6CrARm8jAOf45 4tqt3k/KH4q5xW3zSb9jIiKNIgvZC/MKG4/Peu0PuU6c4q++CbfXAN9p8LwFGmaA7JNT peYj38i7leevqa+C4S57Ub+D/+s2uXO/2+u3HZ4wv+UKVQ5sR70eEzO4ew160Q/ykN0p pyR49GXFwZ+WjGlhCYkBsoeTgzIqlS/pnd59Ml2RicAjUiWvWidNWzxGEsIBnoMQgAq6 2mhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ivaReOlW5ixThpc0BdMz9y5/5Xq8b98rdwN98QkLrdI=; b=mY4FJ5B1rCnhYfQRdUNV9PMzioy9J8KZRw1OrqIFbKO02UbNNkSUHieQF7Aqa29aNT vJPRy0qXNDz9vYvPIC+wA9AkhzZOQsNI0C7tpcfYaQUxx06qNH15vOO1dea+MZyhug7U 8zfoBtX7Ln35KkjUeYUpLWwhYJf6n85adKpazQtCJFiQKIDjDv5kebeD4xisqDQ0RhDq 1R5NBq2Vgp0ooPVjDta64MVDjP4rGqRTQLKqnINdYS4iuVv0wyL0h81nGIv4CXucPt8+ INAVEGiwiLeoA6Bl6erHCnp0VsXIKceuEKpaknuAp559SQ41luz4nB+0Gb8pW1WnPtz8 fzyQ==
X-Gm-Message-State: AFeK/H1CLZ4730zjkDXb12bHUmjZc/Ouq7m3pBrb18YapLI0o8yeSQxBlJX5m/78+hKh9F9s7QLqGjHmJRSYmQ==
X-Received: by 10.176.2.172 with SMTP id 41mr2087065uah.2.1490297919852; Thu, 23 Mar 2017 12:38:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.50.65 with HTTP; Thu, 23 Mar 2017 12:38:39 -0700 (PDT)
In-Reply-To: <47548136-78d7-8c53-462e-62439d6194ac@bellis.me.uk>
References: <20170323042741.79108.qmail@ary.lan> <2C6B4EB6-D0F0-44A8-95E4-68DF32244639@fugue.com> <20170323163205.GD19105@mx4.yitter.info> <500af1ed-5425-4452-ad8e-c2d511ee738d@bellis.me.uk> <850A8729-8762-4375-90EF-50CDF4AC232E@gmail.com> <47548136-78d7-8c53-462e-62439d6194ac@bellis.me.uk>
From: Matthew Pounsett <matt@conundrum.com>
Date: Thu, 23 Mar 2017 15:38:39 -0400
Message-ID: <CAAiTEH84V-VjCrKUuBLe2qGdVgbMQ6eqc=dWL1Wtij0m1kVxfQ@mail.gmail.com>
To: Ray Bellis <ray@bellis.me.uk>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary=001a113b0ae61fccd4054b6b067c
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/njCFAD8xaiDCAr80Ld_khicGyuo>
Subject: Re: [DNSOP] .arpa
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2017 19:38:44 -0000

On 23 March 2017 at 13:50, Ray Bellis <ray@bellis.me.uk> wrote:

>
>
> Hence w.r.t Matt Pounsett's argument that the -redact document go first
> and then the assignment of ".homenet" be done later, the Homenet WG has
> argued *very* strongly that this is not acceptable because it leaves
> HNCP in an indeterminate state.
>
> On the other hand, as Ralph Droms points out, not going ahead with either
leaves .home in an indeterminate state.  And, going ahead with both in the
absence of an answer on the homenet. insecure delegation (assume a
hypothetical third hand) leaves the whole thing undeployable in the
presence of any validation between the local nameserver authoritative for
.homenet and and-user applications.  Validating applicatinos, stubs,
localhost resolvers, and forwarders all break HNCP, unless I've completely
misunderstood something.

Since we're trying to encourage validation as close to the application as
possible, I would think we'd avoid attempting to deploy things that cannot
work with application-level validation.