Re: [regext] draft-ietf-regext-bundling-registration-06.txt - Impact of DNSSEC?

Patrick Mevzek <pm@dotandco.com> Wed, 31 October 2018 04:23 UTC

From: Patrick Mevzek <pm@dotandco.com>
To: regext@ietf.org
Date: Wed, 31 Oct 2018 05:23:38 +0100
Message-Id: <1540959818.3778568.1560491320.5EBDBE9E@webmail.messagingengine.com>
In-Reply-To: <5BD8A375.1070401@markmonitor.com>
References: <153925037464.11372.7633502458048801151@ietfa.amsl.com> <5BD8A375.1070401@markmonitor.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/rwkGni544aDBnLS-w2Tw7Bj67VM>

On Tue, Oct 30, 2018, at 19:31, Mack, Justin wrote:
> I see that most attributes are shared between domains in the bundle, 
> such as assigned nameservers. Does this mean that DS/DNSKEY information 
> is also shared between these domains?

Not possible for DS data, as the DS digest value is computed in part from the domain name. So even if using the same key to sign two domains, the DS values will be different.

It is technically possible to share a given DNSKEY between multiple domains, but then it means their fate is cryptographically tied: one key compromise opens attacks on all of them.
It is kind of like choosing, in the X.509 world, between one certificate covering X domains (related or not) on one side, and X separate certificates, each one with one domain, on the other.

-- 
  Patrick Mevzek
  pm@dotandco.com
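The point made in the reply above can be checked numerically. The following is an added example (not code from the thread, the draft, or any registry software): it computes DS records the way RFC 4034 specifies them, with the digest taken over the canonical wire-format owner name followed by the DNSKEY RDATA, and the key tag taken over the RDATA alone. The DNSKEY bytes, the algorithm number (13) and the names example.com and example.net are constructed inputs chosen for illustration; the key is not a real key.

```python
"""DS records for one DNSKEY shared by several domains (added example, RFC 4034 rules)."""
import hashlib
import struct


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 section 6.2):
    lowercase, length-prefixed labels, terminated by the root label."""
    name = name.rstrip(".").lower()
    out = b""
    if name:
        for label in name.split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"bad label in {name!r}")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA = flags (2 bytes) | protocol (1) | algorithm (1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B. It covers the RDATA only, so the same
    DNSKEY carries the same tag whatever name it is published under."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> str:
    """DS digest per RFC 4034 section 5.1.4:
    digest = hash(canonical owner name | DNSKEY RDATA).
    The owner name is part of the hashed input, which is why a shared key
    still yields a different DS in every parent zone."""
    hash_fn = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return hash_fn(name_to_wire(owner) + rdata).hexdigest()


def ds_record(owner: str, rdata: bytes, digest_type: int = 2) -> str:
    """Presentation-format DS line: key tag, algorithm, digest type, digest."""
    algorithm = rdata[3]
    digest = ds_digest(owner, rdata, digest_type).upper()
    return f"{owner.rstrip('.').lower()}. IN DS {key_tag(rdata)} {algorithm} {digest_type} {digest}"


def compare_shared_key(domains, rdata: bytes, digest_type: int = 2) -> dict:
    """Map each domain to (key tag, DS digest) for one shared DNSKEY."""
    return {d.rstrip(".").lower(): (key_tag(rdata), ds_digest(d, rdata, digest_type))
            for d in domains}


# Constructed sample key: flags 257 (KSK), protocol 3, algorithm 13 (ECDSAP256SHA256),
# 64 "public key" bytes that are a placeholder pattern, not a real key.
SAMPLE_RDATA = dnskey_rdata(257, 3, 13, bytes(range(64)))
SAMPLE_DOMAINS = ("example.com", "example.net")

if __name__ == "__main__":
    for domain in SAMPLE_DOMAINS:
        print(ds_record(domain, SAMPLE_RDATA))
    result = compare_shared_key(SAMPLE_DOMAINS, SAMPLE_RDATA)
    tags = {tag for tag, _ in result.values()}
    digests = {digest for _, digest in result.values()}
    print(f"shared key tags: {tags}  distinct DS digests: {len(digests)}")
```

Running it prints one DS line per domain with the same key tag and algorithm but different digests, which is the behaviour the reply describes: a DS can never be copied between bundled names, while a DNSKEY can, at the cost of tying the zones to one key. The output format can be checked against the worked DNSKEY/DS example in RFC 4034 section 5.4.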