Re: [DNSOP] ALT-TLD and (insecure) delegations.

Ted Lemon <mellon@fugue.com> Tue, 07 February 2017 17:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nkvWQ_haR3FeApY3_83Bk4ip2cE>

On Feb 7, 2017, at 11:45 AM, Warren Kumari <warren@kumari.net> wrote:
> I don't think I've seen a good argument for NOT doing the above -- why
> (other than the sunk time / effort) don't we do two?

Right, this just seems obvious to me. If we do two, we can tailor each solution to the need it is intended to fill, rather than trying to come up with some compromise that isn't ideal for either case.