Re: [secdir] secdir review of draft-ietf-dnsop-as112-dname-04

Paul Wouters <paul@nohats.ca> Mon, 11 August 2014 14:08 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A00441A03CF; Mon, 11 Aug 2014 07:08:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.668
X-Spam-Level:
X-Spam-Status: No, score=-2.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T-P3pE8-jwgF; Mon, 11 Aug 2014 07:08:53 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C31221A01A5; Mon, 11 Aug 2014 07:08:53 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 7AD0E80048; Mon, 11 Aug 2014 10:08:52 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1407766132; bh=OzfmrAUzWqK9sj/oYh1nItStKusorHsRxe7vcyTZJAM=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=n7aRJZs5NlY3ztPvhUoOKWRSoo/kditKVZz8gUQE8ueK5deztvIEhBhnQAO6gJU0n CCTz3fwVz13fGGw7IgL243PD7YsNvheI0rudF80QVXfYiR3gngQ8ABG+RSxl/E5rck Hguinyh3CHKcxXFLTz333AuYphQ5hH46kUVflmyo=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s7BE8pEf025060; Mon, 11 Aug 2014 10:08:51 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Mon, 11 Aug 2014 10:08:51 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
In-Reply-To: <A3743AA4-08E3-4177-BB5D-E8B4A87E863F@cisco.com>
Message-ID: <alpine.LFD.2.10.1408111005490.25009@bofh.nohats.ca>
References: <04F423A7-DEEC-47B0-8FB7-61D14F2D89EB@cisco.com> <alpine.LFD.2.10.1408071024250.21674@bofh.nohats.ca> <A3743AA4-08E3-4177-BB5D-E8B4A87E863F@cisco.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=Windows-1252; format=flowed
Content-Transfer-Encoding: 8BIT
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/lGvqsxn2mdzhbytD6DUMr3PBRd0
Cc: "draft-ietf-dnsop-as112-dnam.all@tools.ietf.org" <draft-ietf-dnsop-as112-dnam.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-dnsop-as112-dname-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 14:08:55 -0000

On Mon, 11 Aug 2014, Klaas Wierenga (kwiereng) wrote:

>> instance, ISPs could run an AS112 instance to take all RFC1918 queries.
>> When new ranges are added (like 100.64.0.0/16) the ISP does not even
>> need to update their AS112 instance (they have to do so now). The
>> document's main purpose is to get rid of that bad static list. Because
>> it is static, an ISP cannot even really add anything to it, without
>> causing inconsistency.
>
> OK, that sounds reasonable. So I gather that this list of “definitive local significance” ranges is relatively dynamic? I.e. there is a need for updating this list often?

It requires no reconfiguration of an AS112 node. That is the goal of the
draft. AS112 becomes "zero maintanance". Of course, there will still be
discussion about what the IETF as a community should point to the AS112
blackhole.

Paul