Re: [ietf-smtp] [OT] (signed TLDs)

"John R Levine" <johnl@taugh.com> Mon, 14 October 2019 14:22 UTC

Date: Mon, 14 Oct 2019 10:22:09 -0400
Message-ID: <alpine.OSX.2.21.99999.368.1910141020460.72467@ary.local>
From: John R Levine <johnl@taugh.com>
To: Tony Finch <dot@dotat.at>
Cc: ietf-smtp@ietf.org
In-Reply-To: <alpine.DEB.2.20.1910141200120.8949@grey.csi.cam.ac.uk>
References: <20191011160802.50C81C9B780@ary.qy> <alpine.DEB.2.20.1910141200120.8949@grey.csi.cam.ac.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/AzVfAJz5HLv2PXLu7JBd-Dfukco>

On Mon, 14 Oct 2019, Tony Finch wrote:
> John Levine <johnl@taugh.com> wrote:
>>
>> Unless I missed something, CDS currently only lets you update DS records,
>> not install them initially.
>
> RFC 7344 did not include bootstrapping, but that was added by RFC 8078.
> Sadly it's more like a set of hints rather than an actual protocol...

It's just hand waving.  The guys who wrote it know that, but the problem 
is that there was no consensus on how to bootstrap.  It's a hard problem 
since it's sort of inherent that there's nothing other than a DNSSEC 
signature that reliably authenticates a DNSSEC record.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
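The point John makes above, that nothing but a DNSSEC signature authenticates a CDS record, is easiest to see from the parent's side. The following is an added example, not code from this thread or from any registry: it derives a DS from a DNSKEY (RFC 4034 section 5.1.4, SHA-256 digest type 2, with the Appendix B key tag) and then applies a hypothetical parent-side CDS policy in which the validation result of the CDS RRset under the existing DS is passed in as a boolean. The "bootstrap" branch is exactly the case RFC 8078 only gives hints for; the tuple shapes and the `parent_decision` function are assumptions of this example.

```python
import hashlib
import struct

CDS_DELETE = (0, 0, 0, "00")  # RFC 8078 section 4: "CDS 0 0 0 00" asks the parent to remove the DS

def wire_name(name: str) -> bytes:
    """Owner name in canonical (lowercase) DNS wire form: 'example.' -> b'\\x07example\\x00'."""
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key bytes."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag computed over the DNSKEY RDATA."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner: str, flags: int, algorithm: int, pubkey: bytes) -> tuple:
    """RFC 4034 section 5.1.4: DS digest type 2 = SHA-256(owner name | DNSKEY RDATA)."""
    rdata = dnskey_rdata(flags, algorithm, pubkey)
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), algorithm, 2, digest)

def parent_decision(parent_ds: set, cds: set, child_dnskeys: list, owner: str,
                    chain_valid: bool) -> str:
    """Hypothetical parent-side handling of a child's CDS RRset (not an RFC algorithm).

    parent_ds     DS tuples (tag, alg, digest type, digest) currently published at the parent
    cds           DS tuples taken from the child's CDS RRset
    child_dnskeys (flags, algorithm, pubkey) entries from the child's DNSKEY RRset
    chain_valid   result of DNSSEC-validating the CDS RRset under the existing DS
    """
    if not parent_ds:
        # Insecure delegation: there is no chain to validate the CDS under, so
        # nothing in-band authenticates it. This is the RFC 8078 bootstrap gap.
        return "bootstrap"
    if not chain_valid:
        return "reject-unvalidated"      # RFC 7344 section 4.1: the CDS must validate first
    if cds == {CDS_DELETE}:
        return "delete"                  # child asks to return to an insecure delegation
    derivable = {ds_from_dnskey(owner, f, a, k) for f, a, k in child_dnskeys}
    if not cds <= derivable:
        return "reject-no-key"           # a DS with no matching DNSKEY would break the delegation
    return "no-change" if cds == parent_ds else "replace"
```

In the "bootstrap" case the parent has to fall back on an out-of-band acceptance policy (waiting out a period, challenging the operator, or checking every authoritative server), which is why the RFC 8078 text reads as hints rather than a protocol.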