Re: [Trans] Redaction

Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 13 December 2016 03:52 UTC

From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Mon, 12 Dec 2016 19:52:44 -0800
To: Jeremy Rowley <jeremy.rowley@digicert.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/X5N6mG_qsjDIaJBJMGPZi2oTZhU>
Cc: Matt Palmer <mpalmer@hezmatt.org>, "trans@ietf.org" <trans@ietf.org>, Steve Medin <Steve_Medin@symantec.com>
Subject: Re: [Trans] Redaction

Out of curiosity, did you expand on what "Hide the DNS Label" means?

In your original message, you suggested "100% of the concerned
respondents wanted to support redaction of the left most label in the
DNS." - but wildcards (which, in practice and as implemented by sane
and astute readers of RFC 6125, is limited to the leftmost label)
already accomplish this.

I guess I'm trying to distinguish between whether, based on your
survey, 100% of your customers are satisfied with
?.example.com

Or if they are also imagining
?.?.example.com

Arguably, it's much easier both in policy and in tech to restrict to
?.example.com, but it may be useful to confirm that was what you
meant.
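
Added example, not part of the original message: a Python sketch of the distinction drawn above, showing that a leftmost-label wildcard covers the same names as `?.example.com` while `?.?.example.com` has no wildcard equivalent. It assumes `?` stands for one redacted label (the message's own notation) and that a wildcard is the entire leftmost label; the function names are hypothetical.

```python
REDACTED = "?"  # placeholder for one redacted label, as written in the message


def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def wildcard_matches(pattern, hostname):
    """Match with '*' allowed only as the complete leftmost label.

    The wildcard covers exactly one label, so '*.example.com' never
    matches 'a.b.example.com' or the bare 'example.com'.
    """
    p, h = labels(pattern), labels(hostname)
    if len(p) != len(h) or "" in p or "" in h or "*" in h:
        return False
    if "*" in p[1:]:
        return False  # wildcard anywhere but the leftmost label is rejected
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def redaction_depth(name):
    """Count leading redacted labels.

    Raises ValueError when a redacted label sits to the right of a
    visible one (e.g. 'www.?.example.com'), which is neither of the
    two shapes discussed in the message.
    """
    parts = labels(name)
    depth = 0
    for label in parts:
        if label != REDACTED:
            break
        depth += 1
    if REDACTED in parts[depth:]:
        raise ValueError("redacted label is not in a leading position: " + name)
    return depth


def wildcard_equivalent(name):
    """Wildcard pattern covering the same names as a one-label redaction, else None."""
    if redaction_depth(name) != 1:
        return None
    return ".".join(["*"] + labels(name)[1:])
```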