Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard

Patrik Fältström <paf@frobbit.se> Fri, 27 February 2015 10:05 UTC

Return-Path: <paf@frobbit.se>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70BF81A020B for <ietf@ietfa.amsl.com>; Fri, 27 Feb 2015 02:05:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.961
X-Spam-Level:
X-Spam-Status: No, score=-1.961 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3iaM5v9QerXQ for <ietf@ietfa.amsl.com>; Fri, 27 Feb 2015 02:04:56 -0800 (PST)
Received: from mail.frobbit.se (mail.frobbit.se [85.30.129.185]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C19F1A0077 for <ietf@ietf.org>; Fri, 27 Feb 2015 02:04:56 -0800 (PST)
Received: from ibin.frobbit.se (ibin.frobbit.se [192.165.72.22]) by mail.frobbit.se (Postfix) with ESMTPSA id 49AFA20168; Fri, 27 Feb 2015 11:04:53 +0100 (CET)
Subject: Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_039E3B3B-B968-4E4A-91D7-4DAE462C81B3"; protocol="application/pgp-signature"; micalg="pgp-sha1"
X-Pgp-Agent: GPGMail 2.5b5
From: Patrik Fältström <paf@frobbit.se>
In-Reply-To: <54F03F38.9090601@cisco.com>
Date: Fri, 27 Feb 2015 11:04:52 +0100
Message-Id: <1ED9F633-40B1-4A90-85FE-14526C27A485@frobbit.se>
References: <20150127223859.28024.43756.idtracker@ietfa.amsl.com> <4257D8A3-0EFE-40E3-B0AD-8E23772B7693@mnot.net> <6F9BB11D-C224-4D7B-A06C-41EACBAAB4B2@netnod.se> <54C9DA42.5040901@cisco.com> <9EB44D8A-278B-42FC-A542-1C182AD43128@netnod.se> <A74A30F4D1214630918FD4CA@JcK-HP8200.jck.com> <20150223153757.GI1260@mournblade.imrryr.org> <20150223155241.GJ1260@mournblade.imrryr.org> <tsl8ufoh9ko.fsf@mit.edu> <20150224170209.GV1260@mournblade.imrryr.org> <54F03F38.9090601@cisco.com>
To: Eliot Lear <lear@cisco.com>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Ja4mWF5XB74QS1C8qdAZ8ozcIJM>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Feb 2015 10:05:01 -0000

> On 27 Feb 2015, at 10:56, Eliot Lear <lear@cisco.com> wrote:
> 
> Given a slightly modified example from your document:
> 
>   $ORIGIN example.net.
>   _http._web    IN URI 10 1 "httpS://www.example.com/"
> 
> If the intent here is to declare an equivalence between
> http://example.com and https://www.example.com, the problem is that
> absent DNSSEC one is subject to a downgrade attack.  Thus a browser
> cannot trust the equivalence.

Absolutely!

I get that, completely.

I wanted to know what is so special about URI that SRV and MX do _not_ have.

I was surprised I was coming up with some _NEW_ attack vector.

   Patrik
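The downgrade point in the quoted message, as an added example that is not part of the thread or of the draft: a client-side policy that only treats a URI RR as a trusted http/https equivalence when the answer was DNSSEC-validated. The record is parsed from the zone-file presentation form shown above; the DNSSEC status is modelled as a boolean standing in for the AD bit a validating resolver returns; the sample records and the three-way decision (trusted, hint only, refuse) are my constructions, not anything the draft specifies.

```python
"""Added example, not from the thread: a client-side policy for the URI RR
that refuses to treat an unsigned answer as a trusted http/https equivalence.

Assumptions (mine, not the draft's): the record is parsed from the zone-file
presentation form shown in the thread; DNSSEC status is a boolean standing in
for the AD bit a validating resolver sets; the sample records are constructed."""

import re
from dataclasses import dataclass
from enum import Enum
from urllib.parse import urlsplit

# Presentation form as in the thread:  _http._web  IN URI 10 1 "https://..."
# TTL and class are optional in zone files, so both are accepted.
_URI_RR = re.compile(
    r'^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?URI\s+'
    r'(?P<prio>\d+)\s+(?P<weight>\d+)\s+"(?P<target>[^"]*)"\s*$'
)


@dataclass(frozen=True)
class UriRecord:
    owner: str
    priority: int   # 16-bit, lower is preferred (as for SRV)
    weight: int     # 16-bit, load-sharing among equal priorities
    target: str     # the URI itself


def parse_uri_rr(line: str) -> UriRecord:
    """Parse one URI RR in presentation form; reject malformed or out-of-range fields."""
    m = _URI_RR.match(line.strip())
    if not m:
        raise ValueError(f"not a URI RR in presentation form: {line!r}")
    prio, weight = int(m["prio"]), int(m["weight"])
    if not (0 <= prio <= 0xFFFF and 0 <= weight <= 0xFFFF):
        raise ValueError("priority and weight must fit in 16 bits")
    return UriRecord(m["owner"], prio, weight, m["target"])


class Decision(Enum):
    TRUSTED = "trusted"        # DNSSEC-validated: the equivalence may be relied on
    HINT_ONLY = "hint-only"    # unsigned but harmless: may follow, must not assert equivalence
    REFUSE = "refuse"          # unsigned and would weaken the connection: the downgrade case


def evaluate(record: UriRecord, original_url: str, dnssec_validated: bool) -> Decision:
    """Decide how far a client may trust `record` as a stand-in for `original_url`.

    Only a DNSSEC-validated answer proves the zone owner published the mapping;
    anything else is spoofable on the path, so it can at most be a hint, and it
    is refused outright when it would move a secure scheme to an insecure one.
    """
    tgt = urlsplit(record.target)
    if not tgt.scheme or not tgt.netloc:
        return Decision.REFUSE           # not an absolute URI; nothing to follow
    if dnssec_validated:
        return Decision.TRUSTED
    orig = urlsplit(original_url)
    if orig.scheme.lower() == "https" and tgt.scheme.lower() != "https":
        return Decision.REFUSE           # the downgrade described in the thread
    return Decision.HINT_ONLY


def main() -> None:
    # Constructed records: the one quoted in the thread and a forged downgrade.
    published = parse_uri_rr('_http._web    IN URI 10 1 "httpS://www.example.com/"')
    forged = UriRecord("_http._web", 10, 1, "http://www.example.com/")
    for rec, origin, ad in [
        (published, "http://example.com/", False),
        (published, "http://example.com/", True),
        (forged, "https://example.com/", False),
    ]:
        print(f"{origin} -> {rec.target} (AD={ad}): {evaluate(rec, origin, ad).value}")


if __name__ == "__main__":
    main()
```

The policy is deliberately the same one a client already applies to SRV and MX answers it cannot validate: the record may steer, but it may not be the thing that decides whether the connection is protected.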