Re: [dnsext] Ghost domain names
Florian Weimer <fw@deneb.enyo.de> Mon, 13 February 2012 22:04 UTC

* Edward Lewis:

> I looked briefly at the paper
> (http://www.isc.org/files/imce/ghostdomain_camera.pdf) and don't see
> this as a "vulnerability" but rather a result of a lack of revocation
> in the protocol. (The paper says as much.) Adding revocation isn't
> going to be easy.

I think before we could do that, we'd need to know how quickly the
revocation needs to take effect. If the time period is rather short,
this rules out many potential approaches.

I'm also not sure if this is an actual problem. For a couple of
years, we had unremovable names in COM & NET due to the way those
zones were provisioned, and while this was abused, very likely not
even intentionally, the world didn't end. (Verisign fixed this prior
to the introduction of DNSSEC.)