Re: [DNSOP] ALT-TLD and (insecure) delegations.

Ted Lemon <mellon@fugue.com> Tue, 07 February 2017 13:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wXkeS83S9Ck_cpi2Ix7rqFDzZhU>

On Feb 7, 2017, at 12:50 AM, Brian Dickson <brian.peter.dickson@gmail.com> wrote:
> I don't think the use cases for most of the sandbox involving alt, and/or the homenet use case, require support for validating stubs.

If .alt is being used for non-DNS names, you are correct, because non-DNS names cannot be validated, and should never enter the validation process. However, if it is being used for DNS names, then you have to assume that the stub is validating. Even though that is not the status quo at present, that's the direction things are likely to go in the future, and this document needs to continue to be correct in the future.