[DNSOP] Re: Fwd: New Version Notification - draft-ietf-dnsop-domain-verification-techniques-05.txt
John R Levine <johnl@taugh.com> Thu, 11 July 2024 20:20 UTC
Date: Thu, 11 Jul 2024 16:20:08 -0400
From: John R Levine <johnl@taugh.com>
To: Tim Wicinski <tjw.ietf@gmail.com>
CC: dnsop@ietf.org
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wfjQfHmvv7PtXdZqZr0WTco-6_w>

On Thu, 11 Jul 2024, Tim Wicinski wrote:

> The stanford.edu example is useful, only because they don't show up in
> those alexa top-1000(000) lists.
> Like I am sure many here have, I dumped the TXT records to the top 1000 and
> while the majority use
> the format "token=value", there are several that use the "token:value"
> format.
>
> I wonder if there should be some suggestions for "long enough token value" ?

The token is supposed to encode N random bits, so pick a value of 1/(2^N) that you think is close enough to zero. For these purposes, it's hard to imagine a plausible scenario where someone is deliberately trying to spoof a token with wildcards, so a small N should be fine.

Don't forget that last question, if it's a tagged name that is supposed to be unique and you get junk records, try to pick out the good ones or give up? My preference would be to give up on the theory that it is not our job to work around your broken software.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
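
The two points in the message above, token length as a 1/(2^N) guess probability and giving up when a supposedly unique tagged name returns junk, sketched as an added example that is not part of the original message or the draft. The tag `example-verification`, the function names and the sample records are hypothetical; accepting both `=` and `:` separators is an assumption based on the formats mentioned in the quoted text.

```python
import hmac
import math
import secrets


def make_token(n_bits: int = 128) -> str:
    """Return a URL-safe token carrying at least n_bits of randomness."""
    return secrets.token_urlsafe(math.ceil(n_bits / 8))


def guess_probability(n_bits: int) -> float:
    """Chance that one blind guess matches an n_bits random token: 1/(2^N)."""
    return 2.0 ** -n_bits


def parse_record(txt: str, tag: str):
    """Return the value of a 'tag=value' or 'tag:value' record, else None."""
    for sep in ("=", ":"):
        prefix = tag + sep
        if txt.startswith(prefix):
            return txt[len(prefix):].strip()
    return None


def verify(rrset, tag, expected):
    """Fail closed: the tagged name must hold exactly one well-formed record."""
    if len(rrset) != 1:
        # Do not try to pick a good record out of junk; give up instead.
        return False, f"expected 1 TXT record, got {len(rrset)}; giving up"
    value = parse_record(rrset[0], tag)
    if value is None:
        return False, "record is not in tag=value form; giving up"
    if not hmac.compare_digest(value.encode(), expected.encode()):
        return False, "token mismatch"
    return True, "verified"


if __name__ == "__main__":
    tag = "example-verification"  # hypothetical tag, not from the draft
    token = make_token(128)
    print("one-guess probability for N=32:", guess_probability(32))
    # Constructed RRsets standing in for the TXT answer at the tagged name.
    print(verify([f"{tag}={token}"], tag, token))
    print(verify([f"{tag}={token}", "v=spf1 -all"], tag, token))
    print(verify(["unrelated junk"], tag, token))
```
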