Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard

Nico Williams <nico@cryptonector.com> Fri, 27 February 2015 16:46 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E44D1A9096 for <ietf@ietfa.amsl.com>; Fri, 27 Feb 2015 08:46:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.044
X-Spam-Level:
X-Spam-Status: No, score=-1.044 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ffg5vYPC8Maq for <ietf@ietfa.amsl.com>; Fri, 27 Feb 2015 08:46:13 -0800 (PST)
Received: from homiemail-a104.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 49B631A8725 for <ietf@ietf.org>; Fri, 27 Feb 2015 08:46:13 -0800 (PST)
Received: from homiemail-a104.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a104.g.dreamhost.com (Postfix) with ESMTP id 1D0842007861D for <ietf@ietf.org>; Fri, 27 Feb 2015 08:46:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=HKA8F5z7WrBDz4twR9uw yo1hxwk=; b=N7V96/QQ7vNWPqX0DahpvbLK1xyXFHkt+aS5dQ0ZXIXNJTWh4dwZ XKwstRTgiUrCb/uzvkGKCFyu7voMZfN38xLBEOg1+k+T3b/gkje3Un5A8d4/2S6J eyy7XQl9wojMAJU+V/5ab0xZMLEI1jnfqL1d0eM5zemqD80W5+5rgFs=
Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a104.g.dreamhost.com (Postfix) with ESMTPSA id 0D48D2007861B for <ietf@ietf.org>; Fri, 27 Feb 2015 08:46:13 -0800 (PST)
Received: by iecrp18 with SMTP id rp18so32321660iec.1 for <ietf@ietf.org>; Fri, 27 Feb 2015 08:46:12 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.107.27.143 with SMTP id b137mr19710987iob.76.1425055572621; Fri, 27 Feb 2015 08:46:12 -0800 (PST)
Received: by 10.64.130.66 with HTTP; Fri, 27 Feb 2015 08:46:12 -0800 (PST)
In-Reply-To: <54F09A35.9060506@qti.qualcomm.com>
References: <54C9DA42.5040901@cisco.com> <9EB44D8A-278B-42FC-A542-1C182AD43128@netnod.se> <A74A30F4D1214630918FD4CA@JcK-HP8200.jck.com> <20150223153757.GI1260@mournblade.imrryr.org> <20150223155241.GJ1260@mournblade.imrryr.org> <tsl8ufoh9ko.fsf@mit.edu> <2DF7230C-D1D8-4B21-9003-B336108A38CB@vpnc.org> <20150224172649.GX1260@mournblade.imrryr.org> <tslvbircj0d.fsf@mit.edu> <0325DF3F-17F3-4400-BDEA-EDB5334BF35C@frobbit.se> <20150225180227.GT1260@mournblade.imrryr.org> <7AB921D35A7F9B23A53BD11A@JcK-HP8200.jck.com> <tslvbip8io6.fsf@mit.edu> <54F09A35.9060506@qti.qualcomm.com>
Date: Fri, 27 Feb 2015 10:46:12 -0600
Message-ID: <CAK3OfOjTs84ckEXanQrtQZU-ei-o5C0wRLQq4inQ8mb5cKXAow@mail.gmail.com>
Subject: Re: (short version) Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard
From: Nico Williams <nico@cryptonector.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/hw6p9CP1r6JN1snzD-SevQ-36Hg>
Cc: John C Klensin <john-ietf@jck.com>, Sam Hartman <hartmans-ietf@mit.edu>, "ietf@ietf.org" <ietf@ietf.org>, =?UTF-8?B?RsOkbHRzdHLDtm0gUGF0cmlr?= <paf@frobbit.se>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Feb 2015 16:46:14 -0000

On Fri, Feb 27, 2015 at 10:24 AM, Pete Resnick
<presnick@qti.qualcomm.com> wrote:
> On 2/25/15 9:18 PM, Sam Hartman wrote:
>> [...]
>
> After speaking with Patrik, I think you have convinced us: The correct thing
> to do at this point is to take out all of the information beyond a simple
> description of the RR, beef up the security considerations to describe the
> security issue, and make that document Informational.

I would much prefer a Standards-Track document that says to
authenticate the origin domainname as follows:

 - use DNSSEC for all DNS queries needed to find the URI RRs and DANE
to authenticate the authorities of the resulting URIs

or

 - expect the target authorities to have certificates that
authenticate the origin, using SNI if need be.

I would still drop everything related to NAPTR and DDDS.

Nico
--