IETF Logo Mail Archive

Re: [DNSOP] ALT-TLD and (insecure) delgations.

Ralph Droms <rdroms.ietf@gmail.com> Wed, 01 February 2017 22:12 UTC

Return-Path: <rdroms.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A602D1295B7 for <dnsop@ietfa.amsl.com>; Wed, 1 Feb 2017 14:12:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pcwtZJbx0kBY for <dnsop@ietfa.amsl.com>; Wed, 1 Feb 2017 14:12:58 -0800 (PST)
Received: from mail-qt0-x233.google.com (mail-qt0-x233.google.com [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42D7E1295BC for <dnsop@ietf.org>; Wed, 1 Feb 2017 14:12:53 -0800 (PST)
Received: by mail-qt0-x233.google.com with SMTP id k15so290181121qtg.3 for <dnsop@ietf.org>; Wed, 01 Feb 2017 14:12:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=Fa4wyt2k1Xfhg1ebuSyN3PDbHa7iQaTIhmpCeXWIBro=; b=f+PKhneYDgvoj/RUl/0Tk9twHqnw+3NYRb6VyHIAfQ2UwUmFKuxCIC25Q2faI+ha1P 94K27Y2zq+jYitmqCVWBl87OaXc68WVUF6A8A9qaOVTdp0uWXcs4STVGipzF/n7VzFeh z2u9XYDJcS7yTm0E2T0IPgInKmUQnHUImBachVHsAMRM2hjPQrVwQzwvUpCn3b37/Zgs TBnrYro1MsVzm9EMran7WBcaiuTEi/eqFUyn2gvtk1k7Xsj9d5khQrntMjSjZlXBkYzs YbqJXY6j0ZXL4hlgs35q2PiyM0EdPwFc8LzIK5Qj5lHsCa7U9XIAUEdi82K55KBLu0b/ 8Gvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=Fa4wyt2k1Xfhg1ebuSyN3PDbHa7iQaTIhmpCeXWIBro=; b=Whe1Ea5/AeuJ+TuJc5PFV2EkKeWAZALn1EotL1bAjQiVxIkUAIUDtv9l9rPnEL7k8t WYKl/mnHJ9Sir3St8IGWnpd913bGoBcUvU4KwT1KxKOrONq48xOw4JuXCt842DwXLTsb Tl9dd1CQikM473cFaxk8TkWaOOuoeu5pH0PGIg0NauTVLwVQL9tplXsy3wI8gthZue+t BJpT0AHRagQjO0+ECegDTllJQLUdPt/6p9tabXBSxYxaGYhv7eQ853EU2744vL0mmv10 uFiKeP0JRUq61pIqm3+zQxzaDJdfvaMMv938kkexZHJCqNqSncIXHByGSrGrBnvfTIDz Pjew==
X-Gm-Message-State: AMke39lPQk5H/nbuPYN4KMCuJ8Q6Y4MuDDSZn+rye2DYoTlBPxU6U0DXQnr66EkbSVpksg==
X-Received: by 10.55.212.157 with SMTP id s29mr5536440qks.240.1485987172303; Wed, 01 Feb 2017 14:12:52 -0800 (PST)
Received: from ?IPv6:2601:18f:801:600:adeb:fc66:eae1:f611? ([2601:18f:801:600:adeb:fc66:eae1:f611]) by smtp.gmail.com with ESMTPSA id a70sm19740135qkc.1.2017.02.01.14.12.51 for <dnsop@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Feb 2017 14:12:51 -0800 (PST)
From: Ralph Droms <rdroms.ietf@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Wed, 01 Feb 2017 17:12:51 -0500
References: <CAHw9_i+8PA3FQx8FqW-xQ_96it7k-g5UrMB7fxARUi1gwQ++hw@mail.gmail.com> <CA+nkc8AhLe7nbPRkGixi93SGNZQhw+TACUDa8=pGsWM5YHJE0w@mail.gmail.com> <C75FC005-ED38-436B-A93E-C2D2B7CDDE9C@gmail.com> <1B8E640B-C38E-4B76-A73D-7178491A9D7B@fugue.com>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <1B8E640B-C38E-4B76-A73D-7178491A9D7B@fugue.com>
Message-Id: <6C409082-BE21-490D-800F-CB44A0A40B80@gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/w4PCnrvLq6iPiCwCEM9H4zX2Vhs>
Subject: Re: [DNSOP] ALT-TLD and (insecure) delgations.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Feb 2017 22:12:59 -0000

> On Feb 1, 2017, at 3:58 PM, Ted Lemon <mellon@fugue.com> wrote:
> 
> On Feb 1, 2017, at 3:50 PM, Ralph Droms <rdroms.ietf@gmail.com> wrote:
>>> It appears to me that requesting an insecure delegation is the right thing to do, as a "technical use".  We have, so far, been very careful in what we ask for.  If ICANN does not agree, then we can discuss other options.
>> 
>> I agree.
> 
> I'm confused.   The .ALT TLD is expected to be used for non-DNS name lookups.   So isn't a secure denial of existence exactly what we want for .ALT?   What is the utility in having an un-signed delegation?
> 

Sorry, I misinterpreted	what I was responding to.  I think I agree with Ted that what we want is a signed delegation for secure denial of existence.

- Ralph

>

v2.23.0 | Report a Bug | By Email