Re: [secdir] secdir review of draft-ietf-idnabis-rationale-13.txt
Andrew Sullivan <ajs@shinkuro.com> Mon, 05 October 2009 20:55 UTC
Date: Mon, 05 Oct 2009 16:56:40 -0400
From: Andrew Sullivan <ajs@shinkuro.com>
To: Vint Cerf <vint@google.com>
Message-ID: <20091005205639.GT25543@shinkuro.com>
References: <D80EDFF2AD83E648BD1164257B9B091208282265@TK5EX14MBXC115.redmond.corp.microsoft.com> <83AA9570-4B1A-4D3A-A9F1-CE73E18B4DFC@google.com>
In-Reply-To: <83AA9570-4B1A-4D3A-A9F1-CE73E18B4DFC@google.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "john+ietf@jck.com" <john+ietf@jck.com>, "idna-update@alvestrand.no" <idna-update@alvestrand.no>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-idnabis-rationale-13.txt

On Mon, Oct 05, 2009 at 04:39:44PM -0400, Vint Cerf wrote:
> I think the point was precisely that DNSSEC should operate at DNS level
> (using only LDH-form domain names or, in IDNA2008 parlance, A-labels). No
> other form of label valid under IDNA2008 (such as a U-label) should be
> used in conjunction with DNSSEC.
>
> If I have not quite got that right I am sure my colleagues on IDNA-UPDATE
> will correct me.

That's exactly right. DNSSEC operates on DNS responses, which are
required to be A-labels. Therefore, DNSSEC is completely unaffected
by IDNA. I think it would be a bad idea to add anything to any
section, including the security considerations section, that made any
remarks specifically about DNSSEC.

If someone really wanted to add something about the effects of IDNA on
the security of the DNS _as such_ (rather than the use of labels as
humans understand them), I'd suggest instead something to the
following effect:

    "IDNA operates at a level above DNS, and therefore does not affect
    the security of the DNS protocols. Security issues in the DNS
    protocols are also security issues for IDNA, because IDNA depends
    on the DNS."

Or something like that. (But I don't think adding anything is a good
idea.)

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.