Re: [DNSOP] additional special names Fwd: I-D Action: draft-chapin-additional-reserved-tlds-00.txt

Jelte Jansen <jelte.jansen@sidn.nl> Mon, 03 March 2014 10:31 UTC

Return-Path: <Jelte.Jansen@sidn.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CB941A0E73 for <dnsop@ietfa.amsl.com>; Mon, 3 Mar 2014 02:31:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.453
X-Spam-Level:
X-Spam-Status: No, score=-0.453 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBOCXBMwRyWg for <dnsop@ietfa.amsl.com>; Mon, 3 Mar 2014 02:31:04 -0800 (PST)
Received: from arn2-kamx.sidn.nl (kamx.sidn.nl [IPv6:2a00:d78:0:147:94:198:152:69]) by ietfa.amsl.com (Postfix) with ESMTP id B38011A0E2A for <dnsop@ietf.org>; Mon, 3 Mar 2014 02:31:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=sidn.nl; s=sidn_nl; c=relaxed/relaxed; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding:x-originating-ip; bh=FedQKq/YDb52NBfzDfVzyVfD+HCADnWxoMaR0JHVKlk=; b=yYAK3NQLc4VOFgywHqqReI3tjBzzjf3cMcFZaHDPW8BxLZc4aHAJDyHpDmuBPZtg1KTGM5wfEpK9IYcjnUvjB1Cwi4QrFaECn2XhJoaIk6AF4wst3nHLi+Zjkterhi4ws5UPtV8Nd57BNm3i5QmVJmuHSaHFXEg+5VWF7giPcEE=
Received: from kahubcasn01.SIDN.local ([192.168.2.73]) by arn2-kamx.sidn.nl with ESMTP id s23AUrst019913-s23AUrsv019913 (version=TLSv1.0 cipher=AES128-SHA bits=128 verify=CAFAIL); Mon, 3 Mar 2014 11:30:53 +0100
Received: from [94.198.152.219] (94.198.152.219) by kahubcasn01.SIDN.local (192.168.2.77) with Microsoft SMTP Server (TLS) id 14.3.174.1; Mon, 3 Mar 2014 11:30:50 +0100
Message-ID: <531459D8.2010003@sidn.nl>
Date: Mon, 3 Mar 2014 10:30:48 +0000
From: Jelte Jansen <jelte.jansen@sidn.nl>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10
MIME-Version: 1.0
To: Norbert Bollow <nb@bollow.ch>
References: <20140129055438.2402.qmail@joyce.lan> <97E20887-2B9C-4EAD-826B-043306605F88@fl1ger.de> <54BE75D7-E70B-46AB-93C1-042E655BB5E7@apple.com> <D0AC0015-63C3-4C03-A8D0-888C435D2775@virtualized.org> <20140226100311.E73CA1069B39@rock.dv.isc.org> <8FEAF0FC-2AC3-4F39-9825-7068AAA6E40D@hopcount.ca> <CAHw9_iJa_OhzHVCQ4L0Aj+m=zAp6w=mJpAV-_ueh9iukhb3bnA@mail.gmail.com> <20140303102535.6f276963@quill>
In-Reply-To: <20140303102535.6f276963@quill>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [94.198.152.219]
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/s8pqNrgqFZBs6f6dCc1XRisX40Y
Cc: Stuart Cheshire <cheshire@apple.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, Joe Abley <jabley@hopcount.ca>, David Conrad <drc@virtualized.org>
Subject: Re: [DNSOP] additional special names Fwd: I-D Action: draft-chapin-additional-reserved-tlds-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Mar 2014 10:31:05 -0000

On 03/03/2014 09:25 AM, Norbert Bollow wrote:
> Warren makes a strong argument in favor of .alt I think.
> 
> Another related aspect is that if something like onion.notreallydns.org
> is used, with notreallydns.org registered for the specific purpose of
> providing a home for one or more non-resolving dns-like names, it
> is very non-trivial to guarantee that whoever has registered the
> notreallydns.org name will continue paying the yearly fees forever. If
> the registration lapses, an attacker could become the new holder of the
> notreallydns.org domain and use it to snoop and/or serve malware...
> 

more generally, even if one person/institution holds that name forever,
they/it can change their mind about catching the data there (and/or
responding to it). So your protocol/security tradeoffs change when this
approach is chosen compared to reserving it for explicit non-use. While
the reservation can be pulled anyway, IMO it would be a much greater
barrier should one try to do so.

(not leaning either way myself at this point)

Jelte