From nobody Thu Jul 3 14:41:37 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E50D1A04A2 for ; Thu, 3 Jul 2014 14:41:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.101 X-Spam-Level: X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zK4bGkDVqL93 for ; Thu, 3 Jul 2014 14:41:34 -0700 (PDT) Received: from mail-ve0-x231.google.com (mail-ve0-x231.google.com [IPv6:2607:f8b0:400c:c01::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FEB51A03F4 for ; Thu, 3 Jul 2014 14:41:34 -0700 (PDT) Received: by mail-ve0-f177.google.com with SMTP id i13so861548veh.8 for ; Thu, 03 Jul 2014 14:41:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:date:message-id:subject:from:to:content-type; bh=VNWpXAkB/zOAy1T1vFvVIF1f7mQgb59LYKWB8Ln18ik=; b=ALJ+Ei0rJsJVzrziaqV3kZSktU17zn7OngmIbEaitIHS1jUjn9yo2RFYv+T63p2Y5m uOIwTWlpPQz9BNcNifXnn0iDNWprccGGlSPPfIrFO54Zm2FI04hsdewceLxdVerfge3S Iji+XM1nIMgrC3u5v7dF7L/8mb0T7kfW1ztG9MJbb4Lr9jYhDF3TeHVBxFVZ+TAa59it Kv7eCn3MG/BCKut2FiQ9Js/9L+01u7JGRcz7XDZu6sq1HIjB/o7yelFrc4R+G6HWRSsr yAbPDIw0tWzNFR5+lMJO23o+nKapLlttAFN/1bqk1kOOUTrFadJdU5r7EnASvr5PrkqL V29A== MIME-Version: 1.0 X-Received: by 10.58.188.199 with SMTP id gc7mr5981108vec.4.1404423693385; Thu, 03 Jul 2014 14:41:33 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Thu, 3 Jul 2014 14:41:33 -0700 (PDT) Date: Thu, 3 Jul 2014 17:41:33 -0400 Message-ID: From: Jeffrey Walton To: dbound@ietf.org Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/KbMEOyJpLdPAcfI5j050myEZxSY Subject: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 21:41:35 -0000 Looking through the archive, Dbound appears to be relatively new. Has the group produced any deliverables? If so, where are they? Sorry to have to ask. I'm facing hostname matching/verification checks for X509 certificate (not cookie matching), and I don't want to hack up Mozilla's PSL (been here, done that). I'm looking for a more disciplined approach this time around. Thanks in advance. From nobody Thu Jul 3 14:48:17 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C49E01B2A3B for ; Thu, 3 Jul 2014 14:48:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYawOcDaTMVe for ; Thu, 3 Jul 2014 14:48:13 -0700 (PDT) Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00C071B2A34 for ; Thu, 3 Jul 2014 14:48:12 -0700 (PDT) Received: by mail-ie0-f175.google.com with SMTP id tp5so889111ieb.6 for ; Thu, 03 Jul 2014 14:48:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=date:from:to:cc:message-id:in-reply-to:references:subject :mime-version:content-type:content-transfer-encoding :content-disposition; bh=aAWiZkyRxFkDPS/+NwH7nt+6jt/oDxsuMYd2BiFyewo=; b=BchdSB0BghOoH6dsfLHZJTyvd6yztIrRAiGwacnU41LHEl/sAfZglpFasrpD4YZXqH Wvx4vNNJgyDy9ozN4BQoa4JmUAeZ8robbRXCsHbE79zYzWf3Bon6NSQFR2c3AuIgyvCW a5ZG5XMreal6DtNP2uPxqlblD/79eHNX2ku8E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:message-id:in-reply-to :references:subject:mime-version:content-type :content-transfer-encoding:content-disposition; bh=aAWiZkyRxFkDPS/+NwH7nt+6jt/oDxsuMYd2BiFyewo=; b=Fo/v2bPY/Y9Hb7r0ikvsHhOJcWp0bd3g1aQJpDdb09RRbWs8UV3AiNT8FAzuwmme7A T/vCQwAqoUkjZQvNP/J2od09Nx/rhXVtuzZKHB7Nq39WfNI+10sA+/6vbjjp0Fx54UoL O4FYa56VH+kYHl+tvE/70fuzRd1w31RsVfPZrvEgxeVTVoqLdMEAh2chJFWJUl2RU/Yx x5p0xQLZ9f9IY2QRkQZ6j1bDQuWQv6mR8NtJFpbl0nc60x9JL+XWOo/RS8iOAZitHCIv F6SoqmHXju2iRK84b+FVTqw3KmbIjxIFz0ZJqEU8wfdED3Gf2ztC37DAVwXo+QgfapOv +mdw== X-Gm-Message-State: ALoCoQlTKJla6AxNcljlHLpD5o8IvDcQD82Xib8QFL/bfKRFUNx4d3K5mkWeGmBYkmZea9X65NEu X-Received: by 10.42.83.7 with SMTP id f7mr5132328icl.65.1404424092427; Thu, 03 Jul 2014 14:48:12 -0700 (PDT) Received: from walrus.hopcount.ca (24-52-234-221.cable.teksavvy.com. [24.52.234.221]) by mx.google.com with ESMTPSA id m1sm56147371ige.22.2014.07.03.14.48.11 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 03 Jul 2014 14:48:12 -0700 (PDT) Date: Thu, 3 Jul 2014 17:48:11 -0400 From: Joe Abley To: noloader@gmail.com Message-ID: In-Reply-To: References: X-Mailer: Airmail (237) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/XveHlvtChSai8J0pLCDIie3U45c Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 21:48:14 -0000 Hi Jeffrey, On 3 July 2014 at 17:41:37, Jeffrey Walton (noloader=40gmail.com) wrote: > Looking through the archive, Dbound appears to be relatively new. Has > the group produced any deliverables=3F If so, where are they=3F > =20 > Sorry to have to ask. I'm facing hostname matching/verification checks > for X509 certificate (not cookie matching), and I don't want to hack > up Mozilla's PSL (been here, done that). I'm looking for a more > disciplined approach this time around. As I understand it, dbound has held a BO=46 but is not a working group, a= nd hence has no charter or milestones. I am aware of some work relating to PSL evolution going on in a couple of= quiet corners, but nothing that has yet yielded any public results. There are a couple of Internet-Drafts that could be used as part of a mig= ration strategy from the currently-maintained PSL to something better in = the future, but nobody (to my knowledge) has suggested out loud a migrati= on strategy of any kind. =C2=A0 http://tools.ietf.org/html/draft-sullivan-domain-policy-authority-= 01 =C2=A0 http://tools.ietf.org/html/draft-levine-orgboundary-02 I think it would be useful if you could talk more about your particular p= roblem statement, though. If chartered, a future dbound working group wil= l need all the problem statements it can get. Joe From nobody Thu Jul 3 15:11:00 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C19F1B299E for ; Thu, 3 Jul 2014 15:10:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uXhSr7MJ9bc1 for ; Thu, 3 Jul 2014 15:10:54 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id B7CFA1B2951 for ; Thu, 3 Jul 2014 15:10:54 -0700 (PDT) Received: from [10.70.10.77] (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 29708F984; Thu, 3 Jul 2014 18:10:51 -0400 (EDT) Message-ID: <53B5D4E0.1050202@fifthhorseman.net> Date: Thu, 03 Jul 2014 18:10:40 -0400 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Icedove/30.0 MIME-Version: 1.0 To: Joe Abley , noloader@gmail.com References: In-Reply-To: X-Enigmail-Version: 1.6+git0.20140323 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="UdsmXXgxU0tUqQ4kUNwActo2SMD3vp5ua" Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/H4Hur0hMmsGe3Q7gVZB7GE7_l9A Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 22:10:57 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --UdsmXXgxU0tUqQ4kUNwActo2SMD3vp5ua Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 07/03/2014 05:48 PM, Joe Abley wrote: > I think it would be useful if you could talk more about your particular= problem statement, though. If chartered, a future dbound working group w= ill need all the problem statements it can get. over on the w3c's webappsec list, there was a mention recently of the public suffix list in the context of Content-Security-Policy (CSP) and Cross-Origin-Resource-Sharing (CORS). I think the feeling of the group was that they didn't want to encumber those standards with the machinery of the PSL, ultimately. But it might be worth prodding that community for more concrete problem statements about what kind of administrative bounds they would be interested in. --dkg --UdsmXXgxU0tUqQ4kUNwActo2SMD3vp5ua Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTtdTgXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcvDIP/3y88GH0yfZnZFNDOzu7wf8K 11JNH9WWbbzivj2yD68E100G/VSAY0HuR6AqUnDQLmw2kdKlUACkzIRYOQWstXfi UfaEAEivhQO5O4xBuiecGJ+3Qfcpyyuy9ABvXp1yld0sDTPIi++oPrmiDF0uwNth XEkV2bWvOJsMbpM6kXWSImVopZcogUC0+T9lcuFGcXu3GVI5AtT/VO7P99mGvg/z g2erKLp8j3TaJy5K+dlz+fiXqZW43DwAiwwi1j0veoyhsSjGlnyF18ZDylMVxhoA 1B46CDRQaXocPwU+upS2/REDwW6+ZGyaJYNzrp9INvOK2fQ2BcUEEBTBGsTFnKUg LM5Tp+e4ez9W0ZWAe8S0oL1eS4OSg1uhtgjtr//kqcbkDvoxr3Uh3PhPL8MZjTjL Hc0gtmTFxkKXVjRo6tWqrVrOfEcXqiAc47EsxiTCWXd0Bt9URWvHbnI8a0MO87pI 59QSDezLEnAWijjXsszMhra+5Y+S2RCpOVbRvTsnUh0r/dw//JmzDxFKsg4gBBAn AUc1C9PbbgAjNN/42M/rkW7D+rqM1QBsjheCeLxh5o3jTwnEje3CChAAvA4Cpqaj 0lEeEuCgLY52z7tPWrdNbJ2fSEfzxxb6/qH0siT0HjkRrpQ0j3CEcqI82DKu/4rh E6yRBzcTfTBh5ZHsHAR4 =EtS/ -----END PGP SIGNATURE----- --UdsmXXgxU0tUqQ4kUNwActo2SMD3vp5ua-- From nobody Thu Jul 3 15:20:21 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A69971B289F for ; Thu, 3 Jul 2014 15:20:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.141 X-Spam-Level: X-Spam-Status: No, score=-0.141 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dYHz8eFBFksh for ; Thu, 3 Jul 2014 15:20:12 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55D2F1A0AC6 for ; Thu, 3 Jul 2014 15:20:12 -0700 (PDT) Received: from mx1.yitter.info (c-76-118-173-172.hsd1.nh.comcast.net [76.118.173.172]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 972C28A031 for ; Thu, 3 Jul 2014 22:20:10 +0000 (UTC) Date: Thu, 3 Jul 2014 18:20:03 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140703222002.GA51076@mx1.yitter.info> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/bsIPXIBrWS4jiV9Vm0stVK9S3GM Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 22:20:13 -0000 On Thu, Jul 03, 2014 at 05:48:11PM -0400, Joe Abley wrote: > > I am aware of some work relating to PSL evolution going on in a couple of quiet corners, but nothing that has yet yielded any public results. > Well, there was a design team formed, but they don't seem to have said anything since. A -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Thu Jul 3 15:56:41 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3C321B29FC for ; Thu, 3 Jul 2014 15:56:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.137 X-Spam-Level: X-Spam-Status: No, score=-1.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HA5ItM__T0BW for ; Thu, 3 Jul 2014 15:56:38 -0700 (PDT) Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86A291B29C2 for ; Thu, 3 Jul 2014 15:56:38 -0700 (PDT) Received: (qmail 30162 invoked from network); 3 Jul 2014 22:56:36 -0000 Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 3 Jul 2014 22:56:36 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=3085.53b5dfa4.k1406; i=johnl@user.iecc.com; bh=rEnVhrRg86uBi5OMhj7sem8VDGdnrEQusjCsOyEVw/U=; b=lJnlbiFS3esaODEx5Ay1EK8F+FE5vHYW44+3YpvNOGwd00I+VlR0xkwpJyh+U7Z23hMK3eb7mFvBG6yjMBKSVS7OKXGMK8Cik3UnLKdShQRvgUPfiE5vkOkW+F+KldFsHjIvmUUE443z+9FjG4Gp2efEeIlk8O6Z+QRNPdkW+fxng6TXLu8+WJrmaIr5QGfJQDt3Ll5gT1fPLV3bFyGoDsreKxcryj7e/bui6LVSA5s7PJhyG2v91Je2v1Dp+9la DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=3085.53b5dfa4.k1406; olt=johnl@user.iecc.com; bh=rEnVhrRg86uBi5OMhj7sem8VDGdnrEQusjCsOyEVw/U=; b=YoOFkVrXw+Qt3RVaAEWViYKmtAeLPOhyzyMlUpDYlNCxcZbYcrFO++fn+aFrufRKvnHQQaInzTF31gqNmJZSjdeX6DV82d0VnxjlpmJPF3vBwXTE072nAe5Zxgjg/+c28OGWdawRtTFB9kQm401fISymbEA4kUBmGJBnW+9c8omhMNqwBJs4b7ff9WzMMupIbK3LYdfnnEg2fxG9oq2wf6Hdg4MoAx7v0NE09Ficz8mh3M+YDOZBATe0QbiHUGhd Date: 3 Jul 2014 22:56:14 -0000 Message-ID: <20140703225614.12420.qmail@joyce.lan> From: "John Levine" To: dbound@ietf.org In-Reply-To: <20140703222002.GA51076@mx1.yitter.info> Organization: X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/yLx33euFFShrrVQOqclJ5LwOpp8 Cc: ajs@anvilwalrusden.com Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 22:56:39 -0000 >> I am aware of some work relating to PSL evolution going on in a couple of quiet corners, but nothing that has yet >yielded any public results. >> > >Well, there was a design team formed, but they don't seem to have said >anything since. Most of us on the design team met during the ICANN meeting, and decided to try and deliver a draft that at least sets out the list of problems that we think that DBOUND might address. The issue we're stuck on (as Andrew knows but other readers may not) is that people use the PSL for a variety of applications with subtly but importantly different semantics. A replacement design that would work well for one often would work poorly or not at all for another, and we've made no progress figuring out which problem(s) we're trying to solve. So as a first step, we'll try and describe all the problems we haven't solved yet. We'll probably do a bar BOF in Toronto, since Toronto is reputed to have many bars. Andrew may be able to offer insight here. R's, John From nobody Thu Jul 3 16:22:35 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60CB61B29CF for ; Thu, 3 Jul 2014 16:22:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 4.475 X-Spam-Level: **** X-Spam-Status: No, score=4.475 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, URIBL_WS_SURBL=4, URI_OBFU_WWW=2.475] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zuz9iGsYCpNa for ; Thu, 3 Jul 2014 16:22:24 -0700 (PDT) Received: from mail-qa0-x22b.google.com (mail-qa0-x22b.google.com [IPv6:2607:f8b0:400d:c00::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B61B61B2B4F for ; Thu, 3 Jul 2014 16:22:24 -0700 (PDT) Received: by mail-qa0-f43.google.com with SMTP id k15so759376qaq.2 for ; Thu, 03 Jul 2014 16:22:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=0MIbaqXWGU9yKMvvvsJwyP0YdT4r5oYvsunNIceZMbs=; b=AJ8rKLDKIu9G80f7I7BuE1kvlClxR/TH6H0URxIdLgV5BR5hSvSxX7ekeEiP+lspZ0 I9p0gHBB2AqXcPcUvj3o7WpZYQCSJPZeAJokciJGa5T6WVIUKb7RUMIyCmqPzKp+r9s6 TGEYBmXJUAvev6jw4e+aJbpmyuD9rsyDgtUDMQjCZaR/KBly+jkjguf8iL2qTu3tR6Ay /SMXOEnTX77GnIf1LRnrjCbDWeDkfslEE2LcyiQ33zM/4TILBJ7mdSogtIEawGPpSjmJ qTENfWfM/H4gpJtoZHc2kwbZUrzMukyflxzCG6hifQFESSsFhH6/9fmwGzWWUnHfdJ+e QLug== MIME-Version: 1.0 X-Received: by 10.224.72.13 with SMTP id k13mr12782103qaj.54.1404429743928; Thu, 03 Jul 2014 16:22:23 -0700 (PDT) Received: by 10.229.31.132 with HTTP; Thu, 3 Jul 2014 16:22:23 -0700 (PDT) In-Reply-To: References: Date: Thu, 3 Jul 2014 19:22:23 -0400 Message-ID: From: Jeffrey Walton To: Joe Abley Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/0m7mgUsYjdFMjvmBE0oZHmU2-jA Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 23:22:26 -0000 Hi Joe, > I think it would be useful if you could talk more about your particular problem statement, though. If chartered, a future dbound working group will need all the problem statements it can get. > My use case is rather dull. I'm working with a library, and I need to connect to a server. For example, I want to connect to www.example.com, and ensure one (or more) of the DNS names in the certificate match the server I was attempting to connect to. The expected positive case is I go to www.example.com, and the certificate's SAN is www.example.com or *.example.com. In this case the library returns SUCCESS for Match(servername, certificate). The somewhat undesirable positive case is I connect to www.example.com, and the certificate's CN is www.example.com or *.example.com. Its somewhat undesirable because using using CN for DNS names is deprecated by both the IETF (RFC 6125) and CA/B Forums (Baseline Requirements). In this case the library returns SUCCESS for Match(servername, certificate). One of the negative cases that has me concerned: I connect to example.com, the certificate has a SAN (or CN) of "*.com", and the verification succeeds. Intuitively, we know that no one entity is responsible for all of *.COM, yet many libraries don't fail the check because its not explicitly prohibited in an RFC (like 5280 or 6125). Here's another negative case that has me concerned: I connect to www.example.com, the certificate has a SAN (or CN) of "www.*.com", and the verification succeeds. Again, many libraries don't fail the check because its not expressly prohibited in an RFC (like 5280 or 6125). Finally, here's the last negative case that has me concerned: I connect to example.co.uk or www.example.co.uk, the certificate has a SAN (or CN) of "*.co.uk" and "www.*.co.uk", and the verification succeeds. Some libraries have a "two label" rule, but the two label rule is not enough to catch the ccTLDs. Open questions for me, which I hope the Dbound group can help with: 1) *.com (gTLD match) 2) *.co.uk (ccTLD match) 3) w*.example.com (prefix with wildcard) 4) *w.example.com (suffix with wildcard) 5) www.*.example.com (inner wildcard, not gTLD or ccTLD) I know how to handle some of the items above, but I don't know what I should do with others. And it would be nice to cite an RFC that brings sanity back to matching *.COM and *.CO.UK. What I don't really care about at the moment (and others likely do care about): foo.wordpress.com versus bar.wordpress.com. I don't really care if there are two different operators hanging off of wordpress.com. If the owner of the domain wordpress.com states he/she is responsible for *.wordpress.com (and offends foo.wordpress.com and bar.wordpress.com), then that's between the owner of the domain and the subdomain operators. I can go into more details with example certificates (Example CA and attack-enabled end-entity certs) and code for a number of libraries like .Net/C#, Cocoa, CocoaTouch, GnuTLS, Java, Python, PERL, and Ruby. I should have some code for OpenSSL soon (hostname matching is being cut-in as we speak; cf, http://www.openssl.org/docs/crypto/X509_check_host.html). Jeff From nobody Thu Jul 3 16:34:57 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E58F21B2A8D for ; Thu, 3 Jul 2014 16:34:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZEbU-60MtDVI for ; Thu, 3 Jul 2014 16:34:53 -0700 (PDT) Received: from mail-vc0-x229.google.com (mail-vc0-x229.google.com [IPv6:2607:f8b0:400c:c03::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 502841B29FC for ; Thu, 3 Jul 2014 16:34:53 -0700 (PDT) Received: by mail-vc0-f169.google.com with SMTP id la4so938198vcb.0 for ; Thu, 03 Jul 2014 16:34:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=QY2TNzZBHLU13vEydnChfPxtkeqG6kaOjWdjnVoUPcI=; b=va7XQrPxlPp1sekRF4Q4aDrZITFEPa6OnhHpQtLGH/PyN/Njddm7TKlnRn8/2GNmBT 97OmctBPL0g2r4fwd66q96heXSxrZmk5hAoNdpHXqVxKDr/Rb+eqShDd578pfpMzFTpY JkZJ8IyWGOV28xhsJkROAjOHpJicDW5bxSQhdKfgOayPmbrmWykj3VFEnlENALJ/h8s7 qLq+zI4trkwqEfo3jmQrjMCYIGoG5Ja48bA8LUb13QQFWkqdWOOJM0RjYRtNVe3GU8/2 6Hb/4EPdWrrqwi3zIeAYD6y5FB/LpOtXJwJKClGT9kl6JjZDjmQH5WTyL8UkqxSXe/zz 6KOA== MIME-Version: 1.0 X-Received: by 10.221.44.73 with SMTP id uf9mr6427714vcb.9.1404430492474; Thu, 03 Jul 2014 16:34:52 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Thu, 3 Jul 2014 16:34:52 -0700 (PDT) In-Reply-To: <53B5D4E0.1050202@fifthhorseman.net> References: <53B5D4E0.1050202@fifthhorseman.net> Date: Thu, 3 Jul 2014 19:34:52 -0400 Message-ID: From: Jeffrey Walton To: Daniel Kahn Gillmor Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/EdjqnQDrZxct7V6c4SAuKi6GTmE Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 23:34:55 -0000 On Thu, Jul 3, 2014 at 6:10 PM, Daniel Kahn Gillmor wrote: > On 07/03/2014 05:48 PM, Joe Abley wrote: >> I think it would be useful if you could talk more about your particular problem statement, though. If chartered, a future dbound working group will need all the problem statements it can get. > > over on the w3c's webappsec list, there was a mention recently of the > public suffix list in the context of Content-Security-Policy (CSP) and > Cross-Origin-Resource-Sharing (CORS). I think the feeling of the group > was that they didn't want to encumber those standards with the machinery > of the PSL, ultimately. But it might be worth prodding that community > for more concrete problem statements about what kind of administrative > bounds they would be interested in. Thanks Daniel. I think I saw that thread (was that with Brad Hill?). I think there's a potential political problem. Many libraries respect the IETF, but hold the W3C is less esteem. So if the W3C published something, then some popular libraries might be less willing to adopt it compared to an equivalent document from the IETF. My observations could be wrong about libraries and the W3C. When I use a library to connect to a public website, the certificate was likely issued under CA/B Baseline Requirements (or EV Guidlines). However, the libraries refuse to validate them under the requirements they were published, and choose to validate them under somewhat less specific or more permissible standards (cf., allowable Key Usage and Extended Key Usage combinations specified in RFC 5280). Jeff From nobody Thu Jul 3 16:54:02 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCA7C1B2B3D for ; Thu, 3 Jul 2014 16:53:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jsag74ZCZUcf for ; Thu, 3 Jul 2014 16:53:58 -0700 (PDT) Received: from mail-vc0-x22f.google.com (mail-vc0-x22f.google.com [IPv6:2607:f8b0:400c:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B3C81B2A75 for ; Thu, 3 Jul 2014 16:53:57 -0700 (PDT) Received: by mail-vc0-f175.google.com with SMTP id hy4so924775vcb.6 for ; Thu, 03 Jul 2014 16:53:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=JGl016A4oNnfMdkEb4iAUlugaA3h8DixvnS4Vt+N1to=; b=IIpFbM1vVcl00HCVhCr9ksAW4sR1G6xpqF67lzkoUy1IQ6EslI1MtOxkLTgV5wj6uG XuPRBB9mR2qM5s9NV44dgtnDngLPGKaclCZ7IqZY6VzqowgGvOVexYbBUKMwVy0pwtOM xumdbUm/C0kdQ2neS0QS7TGFEPlSY91t+kr09Crk+0/PdracVblu0Q0rDjgrvMSLhI1I PqGRfjj3fdFP3yfsXTKeE3QVbU1CAwTNBIomQcpMZemSgVtK8uiGjNEmph1artT+eCc3 cgh2OCXiPpouVDOiaykz189Pb6XWxsMWmx7rAp0uKv0KO+43xTOugYZFBzgejUucItMS bNfw== MIME-Version: 1.0 X-Received: by 10.220.190.197 with SMTP id dj5mr6389162vcb.19.1404431637238; Thu, 03 Jul 2014 16:53:57 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Thu, 3 Jul 2014 16:53:57 -0700 (PDT) In-Reply-To: <20140703225614.12420.qmail@joyce.lan> References: <20140703222002.GA51076@mx1.yitter.info> <20140703225614.12420.qmail@joyce.lan> Date: Thu, 3 Jul 2014 19:53:57 -0400 Message-ID: From: Jeffrey Walton To: John Levine Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/-rHdqjx4fTJ4I0Ne32D_OHFvWTE Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 23:53:59 -0000 > The issue we're stuck on (as Andrew knows but other readers may not) > is that people use the PSL for a variety of applications with subtly > but importantly different semantics. A replacement design that would > work well for one often would work poorly or not at all for another, Yeah, I've felt that pain when using the PSL for validating hostnames in certifcates. I think the solution would likely include a few profiles. For example, DBOUND would have a base set of requirements. Those interested in certificate hostname matching would get additional refinements. A library providing a DBOUND implementation would allow the caller to select the profile. Similarly, the Cookie/PSL case would have its own separate profile, and a library would allow it to be selected when the caller is similar to a browser. The PSL is a list of entries (for lack of a better term) that are black listed. Some entries are negatives, so they effective become white listed. From working with the list in the past, its my observation that there are three types of entries: gTLDs, ccTLDs, "effective" TLDs or effTLDs, and Domains. To bring them together, the CERTIFICATE_PROFILE would consider gTLDs, ccTLDs and Domains. The COOKIE_PROFILE would consider gTLDs, ccTLDs, effTLDs and Domains. Another profile of interest might be an INTERCEPT_PROFILE, which allows *.COM (et al) matching for an organization running an interception proxy. > and we've made no progress figuring out which problem(s) we're trying > to solve. Ah, OK. I can give you the use cases I am familiar with. But they are not sexy like the WWW folks want or have. Jeff From nobody Thu Jul 3 17:01:07 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45C841B2B3D for ; Thu, 3 Jul 2014 17:01:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.137 X-Spam-Level: X-Spam-Status: No, score=-1.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x1BP8L64GGRt for ; Thu, 3 Jul 2014 17:01:05 -0700 (PDT) Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0836B1A050E for ; Thu, 3 Jul 2014 17:01:04 -0700 (PDT) Received: (qmail 39459 invoked from network); 4 Jul 2014 00:01:04 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=9a22.53b5eec0.k1407; bh=SZMZm3cmuSs1BKmfQB8gP4PgdfNf+2JX+qBUy8mXElA=; b=etAnvquT/sX7v0Ijkv9jQ9oGTNMcz+lDX6K+RsD96z94NkZ0EtuGN3nQroMoCd8sIF8+l8wnYOr+A1Gakqy/6RXM2h5GRiBrGrUnbk1fyIAWmMhS78VjUjdFTXdo0jYq3Y+f7Juq29PqvPX5pH0KUNmSZykpOOW62SykrfNYTUXWKXi7Fu1zupP36MuxTm42VJ7pqBwB8rdXFpQP05W2u02PoWEreMKpJ9Eus434HrGbTOhTs4bwZa0GUkaKJGTE DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=9a22.53b5eec0.k1407; bh=SZMZm3cmuSs1BKmfQB8gP4PgdfNf+2JX+qBUy8mXElA=; b=ocP+xToVPmn6u0l2vFJxFG8HyNpWTcjoqxCEc7nozFI/mBYFnKhlj81EAMSJ0zQk0Rc1krSrLiFDtXMT4aHqA19+HtkY+DZkQ9fs7zBW0oWPGXpjbC9ivPg/RWxnye8OSW8hgT+wW+/kvU98LQZ/Kk1CUBJff9t/gh5y/Dzgx4PvDcWj4mfCm8V9wDgQhu+7DIbrfNdLzucdRnFJIrWDokSyxZrqVIemDuDaZrccgq0mbCmSjyOq1RG1WwQZkDS0 Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 04 Jul 2014 00:01:03 -0000 Date: 3 Jul 2014 20:01:03 -0400 Message-ID: From: "John R Levine" To: "Jeffrey Walton" In-Reply-To: References: <20140703222002.GA51076@mx1.yitter.info> <20140703225614.12420.qmail@joyce.lan> User-Agent: Alpine 2.11 (BSF 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/s0TO5l6VR4HgvU39ATkYbf9cCmM Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jul 2014 00:01:06 -0000 >> The issue we're stuck on (as Andrew knows but other readers may not) >> is that people use the PSL for a variety of applications with subtly >> but importantly different semantics. A replacement design that would >> work well for one often would work poorly or not at all for another, > Yeah, I've felt that pain when using the PSL for validating hostnames > in certifcates. > > I think the solution would likely include a few profiles. The issues look deeper than something you could solve by one approach with profiles. They're questions like whether the model is everything is the same except for subtrees that are marked different, or everything is different except for subtrees that are marked the same. > Ah, OK. I can give you the use cases I am familiar with. But they are > not sexy like the WWW folks want or have. I think we have a pretty good list of problems. Let me see if I can help get a draft out and see if we missed anything. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. From nobody Thu Jul 3 17:36:24 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438D41B2B91 for ; Thu, 3 Jul 2014 17:36:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mMEIZBztp1YC for ; Thu, 3 Jul 2014 17:36:22 -0700 (PDT) Received: from mail-ve0-x234.google.com (mail-ve0-x234.google.com [IPv6:2607:f8b0:400c:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C60F1B2923 for ; Thu, 3 Jul 2014 17:36:22 -0700 (PDT) Received: by mail-ve0-f180.google.com with SMTP id jw12so992287veb.39 for ; Thu, 03 Jul 2014 17:36:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=RHCu9J0iX26lGXP2lgPlaZA5T0PUk3SG5HjkY1GPwEM=; b=VncdW58tr8lQyuotInxmWw4+XXacjuMw5vJg6L/mg27sjNGnks14EtzTL5FHTYP+MC 6jJ5ebPriDXpAnfrETJNgHP+yfJRIZhEdxRohBdHMrF0G+pKEX+o2wn5aG38vs6bOFZL qhdw+8+9FmOkx6vlplxIOkOzclenH+V8wBGYBHm9fL/F2LNAuCkCe+YA6xRQs4Uzysic lVkd257GxyhrJoMQ1V+rhHYsQo4deg3wIm0MRXUZv/es7n9THvTEgig7WYXXOhymC2IC lf1MzEEedFahc77RsfTf7sMiVZOg1LM8RjZ+/e1pUj+AAogjECi7DGHc9w7qGa1qYExU CnBQ== MIME-Version: 1.0 X-Received: by 10.58.153.4 with SMTP id vc4mr6417079veb.19.1404434180182; Thu, 03 Jul 2014 17:36:20 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Thu, 3 Jul 2014 17:36:20 -0700 (PDT) In-Reply-To: References: <20140703222002.GA51076@mx1.yitter.info> <20140703225614.12420.qmail@joyce.lan> Date: Thu, 3 Jul 2014 20:36:20 -0400 Message-ID: From: Jeffrey Walton To: John R Levine Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/aOphMGcWFnJsvF7R7Roe5Yca47s Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jul 2014 00:36:23 -0000 >> Ah, OK. I can give you the use cases I am familiar with. But they are >> not sexy like the WWW folks want or have. > > I think we have a pretty good list of problems. Let me see if I can help > get a draft out and see if we missed anything. > Yes, please. Also, I'm not sure about this from draft-sullivan-domain-policy-authority-01: Historically, policies were sometimes based on the DNS tree. Early policies made a firm distinction between top-level domains and everything else; but this was also too naive, and later attempts were based on inferences from the domain names themselves. I think the distinction is going to be one part of the solution. There's no reason non-browser software should be matching "*.com" and "*.co.uk" by default (and friends like "www.*.com" and "www.*.co.uk"). If you asked 100 developers if that's what they wanted, I would wager the majority would not want the feature (and be surprised it was happening). Jeff From nobody Thu Jul 3 18:17:12 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F01E31A0428 for ; Thu, 3 Jul 2014 18:17:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.137 X-Spam-Level: X-Spam-Status: No, score=-1.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id quAz4pZCA4Vv for ; Thu, 3 Jul 2014 18:17:08 -0700 (PDT) Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF56C1A01C8 for ; Thu, 3 Jul 2014 18:17:07 -0700 (PDT) Received: (qmail 49860 invoked from network); 4 Jul 2014 01:17:06 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=c2c3.53b60092.k1407; bh=UDi0sGQpJq3n7huUGig/XyuRG9bz1fUnK2SOCwsBJog=; b=m3jxawfbjqcHz4zBB6tJkUMfS4DIxj6GGvEFFkvlZBazJrL8F4b1ffFtxCPlpnjsGc40ItmxgzVRI8uJbzzKYh3PM2Js5U23VAGALGGOkWhGWqgO3Mr84edDSo3omdjGmq7J9S36dpwUzJmvKvPe66wHQgobrI7snk5wbZYkTNAVa1cDRcpQXBjuQdhxB2tnPeeOWFKfN9OXo6ZKaOrLuwdQzQ9t3YhH0IB0amzoeGrz99LvfHTM84QCGqzTrLVo DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=c2c3.53b60092.k1407; bh=UDi0sGQpJq3n7huUGig/XyuRG9bz1fUnK2SOCwsBJog=; b=n49D4faLSy2uRUMaVAkyc8fxnoYj9gQdMY1zdLvVVge62X3cD3d0S6E3WanYTSJ+Qgl994YWOmj5dpprIt78YBWCnDc7UN1uoBsJja64mPqylZwotrGZVnlJbpRKhPtRVpKC+o66cgInw8XyNFSayKRTHQ47KlnUcojLHpxD0nOvvJXluyR0kr9bL0f1ovewqdOqPY5BBvGDMpEhOvAupFtcjuecdVp4LIrXOPIlA9SY5fgltZo7wY6t/Ci98oPQ Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 04 Jul 2014 01:17:06 -0000 Date: 3 Jul 2014 21:17:05 -0400 Message-ID: From: "John R Levine" To: "Jeffrey Walton" In-Reply-To: References: <20140703222002.GA51076@mx1.yitter.info> <20140703225614.12420.qmail@joyce.lan> User-Agent: Alpine 2.11 (BSF 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/V9DxRWXpJxiEXdQ84guHNFiyyKY Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jul 2014 01:17:09 -0000 > Also, I'm not sure about this from draft-sullivan-domain-policy-authority-01: > > Historically, policies were sometimes based on the DNS tree. Early > policies made a firm distinction between top-level domains and > everything else; but this was also too naive, and later attempts were > based on inferences from the domain names themselves. > > I think the distinction is going to be one part of the solution. ... That's just one approach. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. From nobody Thu Jul 3 18:41:22 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED43C1B2B9B for ; Thu, 3 Jul 2014 18:41:19 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xn1zdz-WOYTA for ; Thu, 3 Jul 2014 18:41:17 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 7DA271A0AE3 for ; Thu, 3 Jul 2014 18:41:17 -0700 (PDT) Received: from [192.168.13.159] (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id E5264F984; Thu, 3 Jul 2014 21:41:14 -0400 (EDT) Message-ID: <53B60638.7050302@fifthhorseman.net> Date: Thu, 03 Jul 2014 21:41:12 -0400 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Icedove/30.0 MIME-Version: 1.0 To: Joe Abley , noloader@gmail.com References: <53B5D4E0.1050202@fifthhorseman.net> In-Reply-To: <53B5D4E0.1050202@fifthhorseman.net> X-Enigmail-Version: 1.6+git0.20140323 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="DeF2Ais4QrQmBTRikhhVSiQcLHLhVAKdr" Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/XHY-_HJMXuSj2bBvNLkY96-0V_E Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jul 2014 01:41:20 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --DeF2Ais4QrQmBTRikhhVSiQcLHLhVAKdr Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 07/03/2014 06:10 PM, Daniel Kahn Gillmor wrote: > On 07/03/2014 05:48 PM, Joe Abley wrote: >> I think it would be useful if you could talk more about your particula= r problem statement, though. If chartered, a future dbound working group = will need all the problem statements it can get. Another place where the idea of administrative boundaries in the DNS has come up recently is in the certificate-transparency (CT) project, which is currently under the auspices of the IETF's trans working group. In particular, there is a tension in CT between zones that must be publicly logged in full (e.g. .com and .co.uk) and subordinate zones that have an interest in not being publicly enumerable. For example: the administrators of the example.com zone have a legitimate interest in ensuring that the operators of .com do not produce any extra certificates in the example.com zone which were not authorized by the example.com administrators. But they might not want to advertise every single host in the example.com zone (for the same reason that people don't offer promiscuous axfr). So the CT notaries should be willing to log pre-certificates that name .example.com, but they should not accept (or rather, CAs should not submit) certificates that name .com. The administrators of the example.com zone can monitor the public logs and look for all .example.com certificates, and they know for sure whether such a certificate was issued under their auspices. But they cannot know whether any given .com certificate was issued within their zone, so they have no way of confirming (or refuting) that a misissuance has taken place. --dkg --DeF2Ais4QrQmBTRikhhVSiQcLHLhVAKdr Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTtgY5XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcQMcP/1O6XU92JW0ZfLZri4W4Kses UysZeyGapjBxyt/gArN0G/tTX3yqyrcLMLmh8uL6f50l1L6Vc2vI/b6MFraqordf VxsWuTBHckYvU2EMrgXIlfiktcmSVWNv3AtSe6gQuP5dfHHlKqDG3hNUn78xEruT 1qj3FwXGXm2uS9s9+6GD5IajqxD/s5I1KckE7ib7mmeta3TL2FAIXKx25Ngx3lSB wnal3NGjY6J6yTthLVJbbzsK5O/PwXBbjujcUWFrjakV5wIkWWQOEiZ6d81SWu+N vCzU5EErTiwutbjD+4rhNwHEggAnGNIPJsCdxqecDgkFA30bpewTiFflv1cfd6Hy syRPV1jEXxwbmesAO4DBV6nhM9K5yzW723aS8ghlZ8gGZLq/yK8//c22qLp9rpm9 rbkPHxQCQjhUvJKESC9An/ZxNljKhP19MJZiaEhVbjzg7Z+N0u5k2vH9BEQ6O7Eg 4HlSIvxGewjb7Z1txSV57DSHQzBvddZQpJUz5BAvt5GiY+bjMh9fSiIxX2VVIqY0 u4cQqhgomL9jB1HbRrafNh7mbDdESkPqE9kMSClXTOjm6UsbreeU/VPskR+/9/iI uAIcmDo/WSbRbaTwvn6gE1CAsKZ74VXqjOSbjY23J9jjhLbuumZAYoM/sHwo0oyO XiGuZGT6rqYNcRfcdr/W =XPl7 -----END PGP SIGNATURE----- --DeF2Ais4QrQmBTRikhhVSiQcLHLhVAKdr-- From nobody Fri Jul 4 10:01:57 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75FA11A04D2 for ; Fri, 4 Jul 2014 10:01:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.259 X-Spam-Level: * X-Spam-Status: No, score=1.259 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TD8jNT_Dxs3a for ; Fri, 4 Jul 2014 10:01:51 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05B2F1A0331 for ; Fri, 4 Jul 2014 10:01:51 -0700 (PDT) Received: from mx1.yitter.info (c-76-118-173-172.hsd1.nh.comcast.net [76.118.173.172]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 2D88C8A031 for ; Fri, 4 Jul 2014 17:01:50 +0000 (UTC) Date: Fri, 4 Jul 2014 13:01:48 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140704170148.GE54035@mx1.yitter.info> References: <20140703222002.GA51076@mx1.yitter.info> <20140703225614.12420.qmail@joyce.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140703225614.12420.qmail@joyce.lan> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/ki9RHqtqI1BU2Guddz8TnTcSXo0 Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jul 2014 17:01:54 -0000 On Thu, Jul 03, 2014 at 10:56:14PM -0000, John Levine wrote: > > We'll probably do a bar BOF in Toronto, since Toronto is reputed to > have many bars. Andrew may be able to offer insight here. Supposing I were able to suggest such a bar, when are people likely to be available? I currently still appear to have part of Sunday evening after the reception open, and I can think of a place not terribly far from the meeting hotel that, on Sunday night, might actually be able to accommodate a crowd of us such that we could have a bar BoF in a bar. I might even be willing to buy a whiteboard and easel to cart along. A -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Fri Jul 4 10:05:06 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81DF51A0B07 for ; Fri, 4 Jul 2014 10:05:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.762 X-Spam-Level: X-Spam-Status: No, score=0.762 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7tncB1et2qvT for ; Fri, 4 Jul 2014 10:05:03 -0700 (PDT) Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70D651A0342 for ; Fri, 4 Jul 2014 10:05:03 -0700 (PDT) Received: (qmail 96194 invoked from network); 4 Jul 2014 17:05:02 -0000 Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 4 Jul 2014 17:05:02 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=60bf.53b6debe.k1406; i=johnl@user.iecc.com; bh=J4UuN8o2H3wcT1tUHaEr22FHrgxtqEc7aeKmMgKBQbU=; b=BmQFWVamzK5+2gu5Nyn2RkDjjyyYWIWxjsTG9hS6lsBPnq6M0BvXyEIoP8UYNw7kymlMXzoNY1AFWgpf0cTKM6fTHiR4g+r6UvrAyFrzWRTTkExbjWfNLHz/BqdcBR0sbOBTIYmsK/x2DQrgBlQybSTQ/VBXyvrRwpuOAaxh8prX1Qc0oBFyLZ0Ta1FITRUbjaAjyG26whk1mehc+zrXC4/Bl8jKGIATPRnyAty/ZDQf5FgcNzNzganGHdx3ZCAy DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=60bf.53b6debe.k1406; olt=johnl@user.iecc.com; bh=J4UuN8o2H3wcT1tUHaEr22FHrgxtqEc7aeKmMgKBQbU=; b=Ylf9aJMxPfbubt1KfmsnEGdRFF58/ZLcSj+PQVhoz6kS90zMJbmi0awLCMdrn8pmC5lHmufsZK0AGoDSqRXDmZuvKR44uqN03O1cpPCJbP0n5Ji7TJSD3MlUBJJZF4pMFpcAoqsLSVWy6zIGHtMxf3mfaTWLMGRSqeZuWYpQLzLzKO+rnAQuScDtHlrlnWyn8YaLxikaXxJj8h1aFpMFFmNuPzApNBV25kzI+tBkM7ylqOUGpDLx90dNxiQmx2P8 Date: 4 Jul 2014 17:04:40 -0000 Message-ID: <20140704170440.24766.qmail@joyce.lan> From: "John Levine" To: dbound@ietf.org In-Reply-To: <20140704170148.GE54035@mx1.yitter.info> Organization: X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/cnrt1BwcbMYPvcncAhAD81S3xkE Cc: ajs@anvilwalrusden.com Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jul 2014 17:05:04 -0000 >> We'll probably do a bar BOF in Toronto, since Toronto is reputed to >> have many bars. Andrew may be able to offer insight here. >from the meeting hotel that, on Sunday night, might actually be able I'm driving up, I can be there whenever I need to be. R's, John From nobody Fri Jul 4 18:53:32 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AFE31A019A for ; Fri, 4 Jul 2014 18:53:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FKF-PAJaVdIU for ; Fri, 4 Jul 2014 18:53:29 -0700 (PDT) Received: from mail-vc0-x232.google.com (mail-vc0-x232.google.com [IPv6:2607:f8b0:400c:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2966C1A00FF for ; Fri, 4 Jul 2014 18:53:29 -0700 (PDT) Received: by mail-vc0-f178.google.com with SMTP id ij19so2061805vcb.23 for ; Fri, 04 Jul 2014 18:53:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:date:message-id:subject:from:to:content-type; bh=LujRK5AR7h/KkN4PaIHbfpIbHe2r+KD7ipdD2thuPrk=; b=cw/PTZmO0XI+JrlZx60iCOs8oqBHUHL+gZ4dZOsuqmPPVeueC+kpi28DzXgolOuX2s faI48So0RTH7pybhUTuNTbYajPlqZAFBK7jJnlGmctCuQVHB31dHm8QU74i8GIvnC1MU pmKqGCYgbYLKNv+JtjNgbP3iQ1dNv+zoDXSfLlbVWwavJ0zGwoutvEVOqa2vcOXMLoCR uNYREIs60eyQ92AASG5h0aFJl/w4PCFWOy6wNPHiMX3e/xCOCfbKhnsJ+xBbJkrkeZJo VKmlGXqPOexeC2TLm6b29Sw6Hi43IXIVZQuBxv4XJbCa1Ju7V4wDadd48kwzLTmWnrnX FRzA== MIME-Version: 1.0 X-Received: by 10.58.119.75 with SMTP id ks11mr12886156veb.20.1404525207972; Fri, 04 Jul 2014 18:53:27 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Fri, 4 Jul 2014 18:53:27 -0700 (PDT) Date: Fri, 4 Jul 2014 21:53:27 -0400 Message-ID: From: Jeffrey Walton To: dbound@ietf.org Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/B9HyzG-WV2ey1WKLixPGxRzngR0 Subject: [Dbound] Online vs Offline modes X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jul 2014 01:53:30 -0000 I think one thing to consider with the Dbound is online vs offline modes. It looks like the two drafts [1,2] both have online requirements. I don't mind the online requirement when collecting information or building a list as a prep step to compiling my program. But when my program operates in the field, I want to avoid going online. The extra online query is an additional point of network failure. Plus, I don't know that I'm getting an authentic answer under many circumstances. I can tolerate the potential failures when gathering information or building a list. But at runtime, I don't want to introduce the additional risks. This might be a unrealistic requirement when solving the general problem, but I think its reasonable in my case. My case is validating host name data in an X509 certificate with an emphasis on catching wildcards in gTLDs and ccTLDs. I'm less concerned about administrative boundaries in subdomains. [1] draft-levine-orgboundary [2] draft-sullivan-domain-policy-authority From nobody Mon Jul 7 05:34:58 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C63721B283F for ; Mon, 7 Jul 2014 05:34:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.278 X-Spam-Level: X-Spam-Status: No, score=-3.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2OPxpUFDZWft for ; Mon, 7 Jul 2014 05:34:53 -0700 (PDT) Received: from smtp.mozilla.org (mx1.corp.phx1.mozilla.com [63.245.216.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9BBE1B282C for ; Mon, 7 Jul 2014 05:34:53 -0700 (PDT) Received: from [192.168.0.101] (93.243.187.81.in-addr.arpa [81.187.243.93]) (Authenticated sender: gerv@mozilla.org) by mx1.mail.corp.phx1.mozilla.com (Postfix) with ESMTPSA id 670DDF217D; Mon, 7 Jul 2014 05:34:52 -0700 (PDT) Message-ID: <53BA93EA.6070902@mozilla.org> Date: Mon, 07 Jul 2014 13:34:50 +0100 From: Gervase Markham User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: noloader@gmail.com, dbound@ietf.org References: In-Reply-To: X-Enigmail-Version: 1.7a1pre OpenPGP: id=9DF43DBB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/XQjVs_mR2B0vA4algRi_WAbOA_I Subject: Re: [Dbound] Online vs Offline modes X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 12:34:56 -0000 On 05/07/14 02:53, Jeffrey Walton wrote: > It looks like the two drafts [1,2] both have online requirements. I > don't mind the online requirement when collecting information or > building a list as a prep step to compiling my program. But when my > program operates in the field, I want to avoid going online. This is the same for browsers, for performance and reliability reasons. There are large efforts going on to reduce or remove side-lookups (e.g. OCSP) when browsing. Adding new ones is not a step forward. Gerv From nobody Mon Jul 7 05:44:47 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F4231B284D for ; Mon, 7 Jul 2014 05:44:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.278 X-Spam-Level: X-Spam-Status: No, score=-3.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h22ja2TTAXxq for ; Mon, 7 Jul 2014 05:44:43 -0700 (PDT) Received: from smtp.mozilla.org (mx2.corp.phx1.mozilla.com [63.245.216.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0BFA1B2845 for ; Mon, 7 Jul 2014 05:44:42 -0700 (PDT) Received: from [192.168.0.101] (93.243.187.81.in-addr.arpa [81.187.243.93]) (Authenticated sender: gerv@mozilla.org) by mx2.mail.corp.phx1.mozilla.com (Postfix) with ESMTPSA id 75320F24B0; Mon, 7 Jul 2014 05:44:41 -0700 (PDT) Message-ID: <53BA9637.2040002@mozilla.org> Date: Mon, 07 Jul 2014 13:44:39 +0100 From: Gervase Markham User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: noloader@gmail.com, Joe Abley References: In-Reply-To: X-Enigmail-Version: 1.7a1pre OpenPGP: id=9DF43DBB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/Amb5HXi90FFXfgiuL2zew5gC4rY Cc: dbound@ietf.org Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 12:44:46 -0000 On 04/07/14 00:22, Jeffrey Walton wrote: > One of the negative cases that has me concerned: I connect to > example.com, the certificate has a SAN (or CN) of "*.com", and the > verification succeeds. Intuitively, we know that no one entity is > responsible for all of *.COM, ...and the PSL is the best effort currently available to help a computer understand what you know "intuitively". :-) yet many libraries don't fail the check > because its not explicitly prohibited in an RFC (like 5280 or 6125). If you come across such a certificate, send it to us, and we'll give the CA a serious beating. > Here's another negative case that has me concerned: I connect to > www.example.com, the certificate has a SAN (or CN) of "www.*.com", and > the verification succeeds. Again, many libraries don't fail the check > because its not expressly prohibited in an RFC (like 5280 or 6125). All modern browsers don't allow wildcards except in the terminal position. I don't know of any libraries which do allow this; can you name some? > Some libraries have a "two label" rule, but the two label rule is not > enough to catch the ccTLDs. Which is why browsers gave up on that rule :-) Gerv From nobody Mon Jul 7 08:13:47 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C74831A02F8 for ; Mon, 7 Jul 2014 08:13:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.141 X-Spam-Level: X-Spam-Status: No, score=-0.141 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BXxorv06qCkg for ; Mon, 7 Jul 2014 08:13:45 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2E881A02EF for ; Mon, 7 Jul 2014 08:13:45 -0700 (PDT) Received: from mx1.yitter.info (nat-07-mht.dyndns.com [216.146.45.246]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 513AB8A031 for ; Mon, 7 Jul 2014 15:13:44 +0000 (UTC) Date: Mon, 7 Jul 2014 11:13:41 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140707151341.GB56530@mx1.yitter.info> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/G01D6jEXw_HtcYI0Zotu4TMWA8Q Subject: Re: [Dbound] Online vs Offline modes X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 15:13:47 -0000 On Fri, Jul 04, 2014 at 09:53:27PM -0400, Jeffrey Walton wrote: > It looks like the two drafts [1,2] both have online requirements. I > don't mind the online requirement when collecting information or > building a list as a prep step to compiling my program. But when my > program operates in the field, I want to avoid going online. What I've actually been assuming will happen, at least in the case of SOPA, is that there'll be a PSL in consumer-use programs, and it will be updated and maintained opportunistically using SOPA records. In other words, you don't have an online requirement in practice, but you use the online mode for maintenance when you have it. I can't imagine that any web browser, for instance, is going to tolerate the additional latency that would be imposed by having to do the additional lookup. But you might do an additional lookup to find out if an arrangement is more permissive than you assumed, or something like that. > Plus, I don't know that I'm getting an authentic answer under many > circumstances. I don't understand this claim. You're getting exactly as authentic an answer as you ever get from the DNS. If you need strong authentication of the answer, surely you should be using DNSSEC, no? Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Mon Jul 7 12:52:39 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31E041B28AB for ; Mon, 7 Jul 2014 12:52:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.762 X-Spam-Level: X-Spam-Status: No, score=0.762 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DfW1KALhhGK1 for ; Mon, 7 Jul 2014 12:52:36 -0700 (PDT) Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BF821B28C0 for ; Mon, 7 Jul 2014 12:52:35 -0700 (PDT) Received: (qmail 99558 invoked from network); 7 Jul 2014 19:52:34 -0000 Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 7 Jul 2014 19:52:34 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=10ff3.53bafa82.k1406; i=johnl@user.iecc.com; bh=ror6INdVOMZMLcrBtXS70bO78gRvOJq1zuSsyTYUX3Y=; b=QNM/zOMlHy0OTS/2ZTgJ+kUsjWiRcOsUhr98HG9rX20F0UrqyLd/TWsYyq1XlWKEuQNQdbJ8kixuPRbTAilAawnxOI0LX3KYACzhc2sM2zr0o2SKAJ0OnbEcDYSYYqTAyD77/T6V+v3qe/XvV/myqxGaVSLuHMQcpO5y15VsB2LACmr2o6/BbYSyePxUlABpTCJ9lER515gOwsJVEU4Wf2wV734tnz7PZImG+fkPGaJeADPZWuUPhhLT9/K7RbYd DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=10ff3.53bafa82.k1406; olt=johnl@user.iecc.com; bh=ror6INdVOMZMLcrBtXS70bO78gRvOJq1zuSsyTYUX3Y=; b=umX0zX+1DLPpWCh54C+8pf9zYQAu9wgJfdbgtDdQDeDTTddiOdajeB3W8WNwXWlQm4zqcT2fDTpBekEJt/3hItybPT9c4uVSy01rESvwQaISHlIcLhpaRE5ZD7+zBEXYYwgcmH86wIjxIBsMEC20+QmcZIHV2AYetOz8lvtkPk01Pf6r1AK4QeySNHBzrSbhTY3AzKSyCjBk0AbGEexQe0/Nz2l75rAcsbgTqQ0OJDzaNH/06522WL+/Huwum8Mq Date: 7 Jul 2014 19:52:12 -0000 Message-ID: <20140707195212.69618.qmail@joyce.lan> From: "John Levine" To: dbound@ietf.org In-Reply-To: <53BA93EA.6070902@mozilla.org> Organization: X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/OxjKERYJciyMariK93qpnbF_cHs Cc: gerv@mozilla.org Subject: Re: [Dbound] Online vs Offline modes X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 19:52:37 -0000 >This is the same for browsers, for performance and reliability reasons. >There are large efforts going on to reduce or remove side-lookups (e.g. >OCSP) when browsing. Adding new ones is not a step forward. In general I agree with you, but I think there's a meaningful difference between a single DNS query and OCSP, which is a full http transaction. R's, John From nobody Mon Jul 7 12:58:03 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BEF21B28C9 for ; Mon, 7 Jul 2014 12:58:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.076 X-Spam-Level: X-Spam-Status: No, score=-5.076 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, URI_OBFU_WWW=2.475] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 061O0PTUFVsD for ; Mon, 7 Jul 2014 12:58:00 -0700 (PDT) Received: from tus1smtoutpex02.symantec.com (tus1smtoutpex02.symantec.com [216.10.195.242]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD4CF1B289C for ; Mon, 7 Jul 2014 12:58:00 -0700 (PDT) X-AuditID: d80ac3f2-f79de6d000003fee-57-53bafbc86812 Received: from tus1smtintpin02.ges.symantec.com (tus1smtintpin02.ges.symantec.com [192.168.215.102]) by tus1smtoutpex02.symantec.com (Symantec Brightmail Gateway out) with SMTP id 3E.FC.16366.8CBFAB35; Mon, 7 Jul 2014 20:58:00 +0100 (BST) Received: from [155.64.220.138] (helo=TUS1XCHHUBPIN02.SYMC.SYMANTEC.COM) by tus1smtintpin02.ges.symantec.com with esmtp (Exim 4.76) (envelope-from ) id 1X4F32-0005tO-1W; Mon, 07 Jul 2014 19:58:00 +0000 Received: from TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM ([155.64.220.147]) by TUS1XCHHUBPIN02.SYMC.SYMANTEC.COM ([155.64.220.138]) with mapi; Mon, 7 Jul 2014 12:58:00 -0700 From: Rick Andrews To: Gervase Markham , "noloader@gmail.com" , Joe Abley Date: Mon, 7 Jul 2014 12:57:59 -0700 Thread-Topic: [Dbound] Are there any deliverables? Thread-Index: Ac+aFbJpuPQ5hKjsQSCgLxSQY9l42AAB+Kfg Message-ID: <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> References: <53BA9637.2040002@mozilla.org> In-Reply-To: <53BA9637.2040002@mozilla.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrHIsWRmVeSWpSXmKPExsVyYMX1NN0Tv3cFG9ydzmWx6/I1dos9O64x WUz+dwnIerSFxYHFY+esu+wed3sTPZYs+cnksfrSFdYAligum5TUnMyy1CJ9uwSujOvH7rAU nGGtmLr4EGMD4w7WLkZODgkBE4nFR5ayQNhiEhfurWcDsYUEPjJKtJ/k7mLkArJfMUrMfXuc DcJZySix4+ZjRpAqNgE9iS2Pr7CD2CICxRKvnr8Cm8QsoC7Rs247mM0ioCIx5VMvWL2wgKHE tOWPWCHqjSTau3/D2avvLWUGsXkFoiQW915mhFj2hlFi1rs1YIM4BbQlVtz8CjaIEejU76fW MEEsE5e49WQ+E8QLAhJL9pxnhrBFJV4+/scKUS8qcad9PVAvB1C9psT6XfoQrYoSU7ofskPs FZQ4OfMJywRG8VlIps5C6JiFpGMWko4FjCyrGGVKSosNi3NL8ktLClIrDIz0iitzE4FxmKyX nJ+7iREYize4Dn/awThzr+MhRgEORiUeXoVfu4KFWBPLgCoPMUpwMCuJ8K5YDhTiTUmsrEot yo8vKs1JLT7EKM3BoiTOGz5hbbCQQHpiSWp2ampBahFMlomDU6qBsX5u/F+Hk+5KEzsm60/Y 2pfXb7H4zMRWgakRfe5hPj+F5tdZ3rx05xBLYLRYR8qcT57HD4mHmXNKTk5mEJqtKfB1R4xU Q8PRY341XPcm8bcd+S5d5p3R01XTG8p5+lOZm2JG/58tD6dMbT13yz285etFtvVO1/I62d8p rObuvyuQ7FUcbculxFKckWioxVxUnAgAeuOUQcECAAA= Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/B70osAtJB7zwIJxTiS3xNb0kD_4 Cc: "dbound@ietf.org" Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 19:58:02 -0000 R2VydiwgTWljcm9zb2Z0J3MgU0NoYW5uZWwgYWxsb3dzIHcqLmV4YW1wbGUuY29tIGFuZCB3dyou ZXhhbXBsZS5jb20uDQoNCmh0dHA6Ly9zdXBwb3J0Lm1pY3Jvc29mdC5jb20va2IvMjU4ODU4DQoN Ci1SaWNrDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBHZXJ2YXNlIE1hcmto YW0gW21haWx0bzpnZXJ2QG1vemlsbGEub3JnXSANClNlbnQ6IE1vbmRheSwgSnVseSAwNywgMjAx NCA1OjQ1IEFNDQpUbzogbm9sb2FkZXJAZ21haWwuY29tOyBKb2UgQWJsZXkNCkNjOiBkYm91bmRA aWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbRGJvdW5kXSBBcmUgdGhlcmUgYW55IGRlbGl2ZXJhYmxl cz8NCg0KLi4uDQoNCkFsbCBtb2Rlcm4gYnJvd3NlcnMgZG9uJ3QgYWxsb3cgd2lsZGNhcmRzIGV4 Y2VwdCBpbiB0aGUgdGVybWluYWwgcG9zaXRpb24uIEkgZG9uJ3Qga25vdyBvZiBhbnkgbGlicmFy aWVzIHdoaWNoIGRvIGFsbG93IHRoaXM7IGNhbiB5b3UgbmFtZSBzb21lPw0KDQouLi4NCg0KR2Vy dg0KDQoNCg== From nobody Mon Jul 7 13:01:27 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D3111B28E6 for ; Mon, 7 Jul 2014 13:01:25 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.803 X-Spam-Level: X-Spam-Status: No, score=-0.803 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-2.3, URI_OBFU_WWW=2.475] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DoXCZviGHBUQ for ; Mon, 7 Jul 2014 13:01:23 -0700 (PDT) Received: from smtp.mozilla.org (mx2.corp.phx1.mozilla.com [63.245.216.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 749881B28B6 for ; Mon, 7 Jul 2014 13:01:19 -0700 (PDT) Received: from [192.168.0.101] (93.243.187.81.in-addr.arpa [81.187.243.93]) (Authenticated sender: gerv@mozilla.org) by mx2.mail.corp.phx1.mozilla.com (Postfix) with ESMTPSA id 3A2F5F2581; Mon, 7 Jul 2014 13:01:16 -0700 (PDT) Message-ID: <53BAFC8B.8060601@mozilla.org> Date: Mon, 07 Jul 2014 21:01:15 +0100 From: Gervase Markham User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: Rick Andrews , "noloader@gmail.com" , Joe Abley References: <53BA9637.2040002@mozilla.org> <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> In-Reply-To: <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> X-Enigmail-Version: 1.7a1pre OpenPGP: id=9DF43DBB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/cQXRvGYxVFmvOCb-XoM3bwYysPo Cc: "dbound@ietf.org" Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 20:01:25 -0000 On 07/07/14 20:57, Rick Andrews wrote: > Gerv, Microsoft's SChannel allows w*.example.com and ww*.example.com. > > http://support.microsoft.com/kb/258858 Wow. Didn't know that. Thanks :-) Gerv From nobody Mon Jul 7 14:04:27 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E0191B28DA for ; Mon, 7 Jul 2014 14:04:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.498 X-Spam-Level: X-Spam-Status: No, score=0.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URI_OBFU_WWW=2.475] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PH7t0RA6C_k7 for ; Mon, 7 Jul 2014 14:04:23 -0700 (PDT) Received: from mail-oa0-f42.google.com (mail-oa0-f42.google.com [209.85.219.42]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 996A31B28CC for ; Mon, 7 Jul 2014 14:04:23 -0700 (PDT) Received: by mail-oa0-f42.google.com with SMTP id eb12so5384817oac.1 for ; Mon, 07 Jul 2014 14:04:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=15EsPRkW3F52nQJ9mATesX5dMoyLym0IWKzdECnPjao=; b=aoLfcGaCrwMgtlzS19sOu33wRptwlCYC3k/b0tSkrfeFWXbSnsLKHkNxBfNmDMge+F XIjX0ha5VLHKvi+4z/FjCY44yaJJig9VbMDvNprBYBgqSVgp93ZnnGWw+de182i3hfMS VijAON++fpB0bbTPyGZd59LBFa40lvY2kggCpF58QOIisy4/rKjONCoxSsAV/VmoTBVN riH0goKBf9o+Q3h7PVRQ/gSZd8/LNg8IfOE+GR1eUGmouBFTsRxAecEUYRhAWnfpK2GZ vKpHVr59sOOgL6lXNQvN/bY+MAmV3diDfIlMeknPGpmvK/jPQJCt57Ke5LFaoPW8RwfH Dniw== X-Gm-Message-State: ALoCoQn/H7D2q0sFcP5+bwpxgg6AngSY3/p6qlvAhN7Ky7NP23RJR1vKyt3GTMbV4ziP8FJSdPGw X-Received: by 10.182.20.16 with SMTP id j16mr7416551obe.22.1404767062974; Mon, 07 Jul 2014 14:04:22 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.224.168 with HTTP; Mon, 7 Jul 2014 14:03:52 -0700 (PDT) In-Reply-To: <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> References: <53BA9637.2040002@mozilla.org> <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> From: Jothan Frakes Date: Mon, 7 Jul 2014 14:03:52 -0700 Message-ID: To: Rick Andrews Content-Type: multipart/alternative; boundary=001a11330d68c7f23e04fda0d114 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/LxIAdIiTr4ZytBCoQ6TSFiG72gM Cc: "noloader@gmail.com" , Gervase Markham , Joe Abley , "dbound@ietf.org" Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 21:04:24 -0000 --001a11330d68c7f23e04fda0d114 Content-Type: text/plain; charset=UTF-8 Wow, Rick, I did not know that about IE. It appears to allow "to end of line". This makes some sense from a practical standpoint, as it would address many load-balancing scenarios. Jothan Frakes Tel: +1.206-355-0230 On Mon, Jul 7, 2014 at 12:57 PM, Rick Andrews wrote: > Gerv, Microsoft's SChannel allows w*.example.com and ww*.example.com. > > http://support.microsoft.com/kb/258858 > > -Rick > > -----Original Message----- > From: Gervase Markham [mailto:gerv@mozilla.org] > Sent: Monday, July 07, 2014 5:45 AM > To: noloader@gmail.com; Joe Abley > Cc: dbound@ietf.org > Subject: Re: [Dbound] Are there any deliverables? > > ... > > All modern browsers don't allow wildcards except in the terminal position. > I don't know of any libraries which do allow this; can you name some? > > ... > > Gerv > > > _______________________________________________ > Dbound mailing list > Dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound > --001a11330d68c7f23e04fda0d114 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Wow, Rick, I did not know that about IE. =C2=A0It appears = to allow "to end of line". =C2=A0This makes some sense from a pra= ctical standpoint, as it would address many load-balancing =C2=A0scenarios.=


Jothan Frakes
Tel: +1.206-35= 5-0230



On Mon, Jul 7, 2014 at 12:57 PM, Rick An= drews <Rick_Andrews@symantec.com> wrote:
Gerv, Microsoft's SChannel allows w*.example.com and ww*.example.com.

http:/= /support.microsoft.com/kb/258858

-Rick

-----Original Message-----
From: Gervase Markham [mailto:gerv@mozi= lla.org]
Sent: Monday, July 07, 2014 5:45 AM
To: noloader@gmail.com; Joe Abley=
Cc: dbound@ietf.org
Subject: Re: [Dbound] Are there any deliverables?

...

All modern browsers don't allow wildcards except in the terminal positi= on. I don't know of any libraries which do allow this; can you name som= e?

...

Gerv


_______________________________________________
Dbound mailing list
Dbound@ietf.org
= https://www.ietf.org/mailman/listinfo/dbound

--001a11330d68c7f23e04fda0d114-- From nobody Mon Jul 7 15:28:54 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E4591B28B7 for ; Mon, 7 Jul 2014 15:28:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.475 X-Spam-Level: X-Spam-Status: No, score=0.475 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, URI_OBFU_WWW=2.475] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-HJwdJTcDeG for ; Mon, 7 Jul 2014 15:28:51 -0700 (PDT) Received: from mail-vc0-x234.google.com (mail-vc0-x234.google.com [IPv6:2607:f8b0:400c:c03::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C6351A0AAD for ; Mon, 7 Jul 2014 15:28:51 -0700 (PDT) Received: by mail-vc0-f180.google.com with SMTP id im17so4694447vcb.11 for ; Mon, 07 Jul 2014 15:28:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=Rj5ElQG8eb1Das9e6GYVR9D5kVJORW/gVIn4dq73QnI=; b=DpXF1WCuA8V1rtfX1bz5wz9xc9W8SQTwZk1NYXKbPVvqIDjTtUbia6DMQMrp/yEnQw ydNYFagkIo7sZQpfNa0s2TVuLs2c90dZtdtINYxOk3tEzPBlQMtUCjGKYJAj7SrjDaU1 B2wIXjv/FMLkKB3zql279gKo2UYbM3q9aIk/Ue61CK6BeVUs2T8srpkp8vAMm3oTaltk nFkQmEzHsCGaluyB3qVwNw5Rdg8ESI0B0h3K8i8R/lsWh1eLY9eorJIwMloDdG5ETU5u G4S2opa81kkQetaW/biVDmQy23tUwxxFlkC/Fm6Tyu41JlmOKlDSUOCJUuGwZcr5B2Nw Z8kA== MIME-Version: 1.0 X-Received: by 10.52.189.161 with SMTP id gj1mr25170681vdc.2.1404772130543; Mon, 07 Jul 2014 15:28:50 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Mon, 7 Jul 2014 15:28:50 -0700 (PDT) In-Reply-To: <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> References: <53BA9637.2040002@mozilla.org> <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> Date: Mon, 7 Jul 2014 18:28:50 -0400 Message-ID: From: Jeffrey Walton To: Rick Andrews Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/SHoL4O1Wxgp2swMBQjhmwbL1xDY Cc: "dbound@ietf.org" Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 22:28:53 -0000 On Mon, Jul 7, 2014 at 3:57 PM, Rick Andrews wrote: > Gerv, Microsoft's SChannel allows w*.example.com and ww*.example.com. > > http://support.microsoft.com/kb/258858 So will OpenSSL when hostname verification is added in 1.1.0. Hostname matching and verification is not currently available/performed in OpenSSL 1.0.2 or down level. (I hope that it was not a shock to the readers ;) At the moment, OpenSSL's pattern matching behavior is to allow the asterisk as a prefix or suffix in the label; and allow a asterisk in an arbirary location. The default behavior must be modified with X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (to stop 'w*' and '*w'). I don't believe there's anything to suppress a match in an arbitrary location (i.e., 'www.*.co.uk'). Oh, and the APIs to set the flags is *not* supposed to be called by applications ;) See http://www.openssl.org/docs/crypto/X509_check_host.html. And a discuassion at "Hostname checking and X509_check_host", http://marc.info/?t=140436243100002&r=1&w=2. Jeff > -----Original Message----- > From: Gervase Markham [mailto:gerv@mozilla.org] > Sent: Monday, July 07, 2014 5:45 AM > To: noloader@gmail.com; Joe Abley > Cc: dbound@ietf.org > Subject: Re: [Dbound] Are there any deliverables? > > ... > > All modern browsers don't allow wildcards except in the terminal position. I don't know of any libraries which do allow this; can you name some? > From nobody Mon Jul 7 19:54:49 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C68921A00D6 for ; Mon, 7 Jul 2014 19:54:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oth0RSTW_HWu for ; Mon, 7 Jul 2014 19:54:46 -0700 (PDT) Received: from mail-vc0-x22d.google.com (mail-vc0-x22d.google.com [IPv6:2607:f8b0:400c:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49A7F1B28C7 for ; Mon, 7 Jul 2014 19:54:46 -0700 (PDT) Received: by mail-vc0-f173.google.com with SMTP id lf12so4785094vcb.4 for ; Mon, 07 Jul 2014 19:54:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=+2Pczktyz8Wz55dUEyCfB7i1EGs7j+XD4Ol7DKGHxA0=; b=VOK/ja7pzucLqEHWfqlfmXm/VlDZk5KXui9+7LfKIUBPwZjAwyGG+hkI1shfrEqToL ylgIJdiF4jPoprhOzIwMGGIKcte+eMX+ITffq3hgOnCN+aWmAendm4NN01UL3oVA/fwb ZB4Z5bGU2y3pBY5KstXqaPxPW5wBV7/T8OxihjRz42qQeNF+j4zc0r4nQoXAazGxOJEU 0qxsa7VWEjyWyYKORbtuXne7O9Ucjf/DUcVlVZ9W16lG2JSC0FtlBcHp2UIdhOeCmCdt hTg3p+tFOmdfC4ChiQmDXHH5iRWU8tYj/REbobcp3AO0uq4ernPzOT/n1xW2ZCzElr0+ rGgg== MIME-Version: 1.0 X-Received: by 10.58.188.199 with SMTP id gc7mr31151136vec.4.1404788085376; Mon, 07 Jul 2014 19:54:45 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Mon, 7 Jul 2014 19:54:45 -0700 (PDT) In-Reply-To: <20140707151341.GB56530@mx1.yitter.info> References: <20140707151341.GB56530@mx1.yitter.info> Date: Mon, 7 Jul 2014 22:54:45 -0400 Message-ID: From: Jeffrey Walton To: Andrew Sullivan Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/lmWRdJjRAb_CBmVxl2x3t7P_dZo Cc: "dbound@ietf.org" Subject: Re: [Dbound] Online vs Offline modes X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 02:54:47 -0000 Hi Andrew, >> Plus, I don't know that I'm getting an authentic answer under many >> circumstances. > > I don't understand this claim. You're getting exactly as authentic an > answer as you ever get from the DNS. If you need strong > authentication of the answer, surely you should be using DNSSEC, no? Embarrassingly, I can't tell you what the default behavior is for .Net, Python, PERL, Cocoa, Java and friends. Shooting from the hip, I'm guessing they are *not* using DNSSEC to authenticate queries. That means I get whatever goodness comes from the cable or wifi hotspot provider. My solution is primitive: don't use DNS. I gather the information at compile time and build it into the program. Then, use a trusted distribution channel to ensure the data is not tampered. That reduces the number of potential failures to one (the list that's built prior to compiling). Jeff From nobody Tue Jul 8 02:47:35 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E78C1B2A74 for ; Tue, 8 Jul 2014 02:47:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.278 X-Spam-Level: X-Spam-Status: No, score=-3.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lobvpBFRW0XD for ; Tue, 8 Jul 2014 02:47:32 -0700 (PDT) Received: from smtp.mozilla.org (mx2.corp.phx1.mozilla.com [63.245.216.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B34E21B2AB3 for ; Tue, 8 Jul 2014 02:47:29 -0700 (PDT) Received: from [192.168.0.101] (93.243.187.81.in-addr.arpa [81.187.243.93]) (Authenticated sender: gerv@mozilla.org) by mx2.mail.corp.phx1.mozilla.com (Postfix) with ESMTPSA id 1301DF2560; Tue, 8 Jul 2014 02:47:27 -0700 (PDT) Message-ID: <53BBBE2D.6090003@mozilla.org> Date: Tue, 08 Jul 2014 10:47:25 +0100 From: Gervase Markham User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: noloader@gmail.com, Rick Andrews References: <53BA9637.2040002@mozilla.org> <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> In-Reply-To: X-Enigmail-Version: 1.7a1pre OpenPGP: id=9DF43DBB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/ZkFhsBiiOseWn7sF55eiJOsbPYg Cc: "dbound@ietf.org" Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 09:47:34 -0000 On 07/07/14 23:28, Jeffrey Walton wrote: > At the moment, OpenSSL's pattern matching behavior is to allow the > asterisk as a prefix or suffix in the label; and allow a asterisk in > an arbirary location. The default behavior must be modified with > X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (to stop 'w*' and '*w'). I don't > believe there's anything to suppress a match in an arbitrary location > (i.e., 'www.*.co.uk'). The CAB Forum Baseline Requirements define a Wildcard Certificate as: "A Certificate containing an asterisk (*) in the left-most position of any of the Subject Fully-Qualified Domain Names contained in the Certificate." https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1_1_8.pdf So my understanding is that issuing certs which have wildcards in positions other than "the (entire) left-most position" is not permitted under the BRs, and so as time goes on and older certs expire, should not be seen on the publicly-trusted secure web. Gerv From nobody Tue Jul 8 07:37:46 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E4B71B27B8 for ; Tue, 8 Jul 2014 07:37:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y5HTRLQlcT7Z for ; Tue, 8 Jul 2014 07:37:43 -0700 (PDT) Received: from mail-ve0-x229.google.com (mail-ve0-x229.google.com [IPv6:2607:f8b0:400c:c01::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D496A1B2AE0 for ; Tue, 8 Jul 2014 07:37:42 -0700 (PDT) Received: by mail-ve0-f169.google.com with SMTP id pa12so5738381veb.14 for ; Tue, 08 Jul 2014 07:37:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=QTsTFbiiIDkccVhWWWwbPFf2XgdeIj/eNQsfyryqD1c=; b=U9oBDgMD12nsg8UFVIeFwyQJo8tglEDLaKsjDNjz4UVaAIJvNAo6sm/tQP7B9eW/8r DRt5u0Itob7boh3/Qg4USIp8LvJ4wDNYKTA/zQxooMZ0HKlQRxp6jP7KZQd6Lt8QAvxk 3rv0kLPEkGCkar8NV64BHdL+4uVeccSoCVs6ot6xhlgxIDV84CkqejRCNQulKgFPXEM3 GOuxdKtl34XOzXjT9NQtlpknllvYSPui+60VWvloginGW7O4yrWA50FVJbpg6KvPJhoK bBCb1ieujjJU6HR7J1p7EX2YK87eMhN9KZBBmEMZLB4WkldZk0StwsatZ6IAxvjaaQHO q8Pg== MIME-Version: 1.0 X-Received: by 10.52.17.129 with SMTP id o1mr28762324vdd.0.1404830261871; Tue, 08 Jul 2014 07:37:41 -0700 (PDT) Received: by 10.220.227.7 with HTTP; Tue, 8 Jul 2014 07:37:41 -0700 (PDT) In-Reply-To: <53BBBE2D.6090003@mozilla.org> References: <53BA9637.2040002@mozilla.org> <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <53BBBE2D.6090003@mozilla.org> Date: Tue, 8 Jul 2014 10:37:41 -0400 Message-ID: From: Jeffrey Walton To: Gervase Markham Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/0tF4mnHpQOooDXtvzmPOjTCkquc Cc: "dbound@ietf.org" Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: noloader@gmail.com List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 14:37:45 -0000 On Tue, Jul 8, 2014 at 5:47 AM, Gervase Markham wrote: > On 07/07/14 23:28, Jeffrey Walton wrote: >> At the moment, OpenSSL's pattern matching behavior is to allow the >> asterisk as a prefix or suffix in the label; and allow a asterisk in >> an arbirary location. The default behavior must be modified with >> X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (to stop 'w*' and '*w'). I don't >> believe there's anything to suppress a match in an arbitrary location >> (i.e., 'www.*.co.uk'). > > The CAB Forum Baseline Requirements define a Wildcard Certificate as: > > "A Certificate containing an asterisk (*) in the left-most position of > any of the Subject Fully-Qualified Domain Names contained in the > Certificate." > https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1_1_8.pdf > > So my understanding is that issuing certs which have wildcards in > positions other than "the (entire) left-most position" is not permitted > under the BRs, and so as time goes on and older certs expire, should not > be seen on the publicly-trusted secure web. No argument from me. As a matter of fact, I of make the same argument: CAs are issuing in accordance with Baseline Requirements (and the EV Guide). I'm not sure if it is a education or political problem. Do folks not know what the CAs are issuing against? Or do folks not recognize the other bodies (like CA/B or W3C). Or maybe they just don't care... Jeff From nobody Thu Jul 10 11:55:24 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D33A41B28BA for ; Mon, 7 Jul 2014 13:28:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.725 X-Spam-Level: X-Spam-Status: No, score=-1.725 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URI_OBFU_WWW=2.475] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eDD5E6oAtadB for ; Mon, 7 Jul 2014 13:28:37 -0700 (PDT) Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED7DB1B28AB for ; Mon, 7 Jul 2014 13:28:36 -0700 (PDT) Received: from [192.168.0.2] (cpe-23-241-118-60.socal.res.rr.com [23.241.118.60]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id s67KS8cv001087 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 7 Jul 2014 13:28:20 -0700 (PDT) Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) Content-Type: text/plain; charset=us-ascii From: manning In-Reply-To: <53BAFC8B.8060601@mozilla.org> Date: Mon, 7 Jul 2014 13:28:08 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <53BA9637.2040002@mozilla.org> <544B0DD62A64C1448B2DA253C011414607CCE6A59A@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <53BAFC8B.8060601@mozilla.org> To: Gervase Markham X-Mailer: Apple Mail (2.1878.2) X-ISI-4-43-8-MailScanner: Found to be clean X-MailScanner-From: bmanning@karoshi.com Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/F7-s5v6zlmt8zqoqijVCLTk9Owc X-Mailman-Approved-At: Thu, 10 Jul 2014 11:55:17 -0700 Cc: "noloader@gmail.com" , Joe Abley , Rick Andrews , "dbound@ietf.org" Subject: Re: [Dbound] Are there any deliverables? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2014 20:28:38 -0000 its -lots- of fun. Hotz & I did this {regular expressions in DNS = labels} last century. =20 gave many people headaches. /bill On 7July2014Monday, at 13:01, Gervase Markham wrote: > On 07/07/14 20:57, Rick Andrews wrote: >> Gerv, Microsoft's SChannel allows w*.example.com and ww*.example.com. >>=20 >> http://support.microsoft.com/kb/258858 >=20 > Wow. Didn't know that. Thanks :-) >=20 > Gerv >=20 > _______________________________________________ > Dbound mailing list > Dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound From nobody Mon Jul 14 15:30:50 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77D3B1A0154 for ; Mon, 14 Jul 2014 15:30:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.002 X-Spam-Level: * X-Spam-Status: No, score=1.002 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=0.77, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P_fwg4vdVAhQ for ; Mon, 14 Jul 2014 15:30:48 -0700 (PDT) Received: from gproxy3-pub.mail.unifiedlayer.com (gproxy3-pub.mail.unifiedlayer.com [69.89.30.42]) by ietfa.amsl.com (Postfix) with SMTP id 63B3C1A0151 for ; Mon, 14 Jul 2014 15:30:48 -0700 (PDT) Received: (qmail 22829 invoked by uid 0); 14 Jul 2014 22:30:39 -0000 Received: from unknown (HELO cmgw4) (10.0.90.85) by gproxy3.mail.unifiedlayer.com with SMTP; 14 Jul 2014 22:30:39 -0000 Received: from box514.bluehost.com ([74.220.219.114]) by cmgw4 with id SUWU1o00s2UhLwi01UWXMs; Mon, 14 Jul 2014 22:30:37 -0600 X-Authority-Analysis: v=2.1 cv=OcELUHjY c=1 sm=1 tr=0 a=9W6Fsu4pMcyimqnCr1W0/w==:117 a=9W6Fsu4pMcyimqnCr1W0/w==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=ekOJvlQLSnQA:10 a=jCU3pe4Ne5MA:10 a=3NT3xRclEPMA:10 a=8nJEP1OIZ-IA:10 a=ieNpE_y6AAAA:8 a=XYUc-DgfXtMA:10 a=vS7MmSmxvPQA:10 a=1O2aZTebgy-ZlkhMBygA:9 a=wPNLvfGTeEIA:10 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default; h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=5mejvyCPTbFxpSg0NYIrjs1OopwNOInCfZvACVSVLh0=; b=mkq3Xuk+WvgOCLkQaYzQqgvxMfpxGo0HtkXOsWjjaP59MkMg4SG0as4OzkPDM+ErMihRlMW49icX0YGjcekQePPNDy8t1SPmmbLQ5aC9N8uI3+Zv69RCIV1Xs7ddPyOo; Received: from [216.113.168.128] (port=45871 helo=[10.244.137.98]) by box514.bluehost.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1X6olS-0006xh-3y for dbound@ietf.org; Mon, 14 Jul 2014 16:30:30 -0600 Message-ID: <53C45A09.9040807@KingsMountain.com> Date: Mon, 14 Jul 2014 15:30:33 -0700 From: =JeffH User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: dbound@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com} Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/YrAslQM4rR9E3bmrNpehA1DfBcQ Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jul 2014 22:30:49 -0000 > On Thu, Jul 03, 2014 at 10:56:14PM -0000, John Levine wrote: >> >> We'll probably do a bar BOF in Toronto, since Toronto is reputed to >> have many bars. Andrew may be able to offer insight here. > > Supposing I were able to suggest such a bar, when are people likely to > be available? I currently still appear to have part of Sunday evening > after the reception open, and I can think of a place not terribly far > from the meeting hotel that, on Sunday night, might actually be able > to accommodate a crowd of us such that we could have a bar BoF in a > bar. I might even be willing to buy a whiteboard and easel to cart > along. sounds good to me. Sun night is a possibility for me, as are tue/wed/thu AFAIK. I'm arriving early Sunday. =JeffH From nobody Mon Jul 14 17:32:16 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A172D1B27C5 for ; Mon, 14 Jul 2014 17:32:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.559 X-Spam-Level: ** X-Spam-Status: No, score=2.559 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Dji2E7DwPaL for ; Mon, 14 Jul 2014 17:32:12 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E901C1B27B7 for ; Mon, 14 Jul 2014 17:32:11 -0700 (PDT) Received: from crankycanuck.ca (69-165-131-253.dsl.teksavvy.com [69.165.131.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id D445D8A031 for ; Tue, 15 Jul 2014 00:32:10 +0000 (UTC) Date: Mon, 14 Jul 2014 20:32:09 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140715003209.GD8641@crankycanuck.ca> References: <53C45A09.9040807@KingsMountain.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <53C45A09.9040807@KingsMountain.com> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/4r_XyhVFOq8RZrIzyjTlsTjcbH0 Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jul 2014 00:32:14 -0000 Tues night works for me. (Sun turns out to be a mess.) I _bet_ that on a Tues night, a group of us could get together at http://www.cestwhat.com/ and get a big enough space to seat the relevant numbers. If we asked nicely, we might be able to get it quiet enough that we could all hear each other. The food's not bad. The beer tends to be pretty good. If you're a whisk[e]y drinker, you could also do worse. Not a good wine bar. If I arranged this, how many people would show? If it's more than 10, we'll have a problem, because I don't think we'll be able to hear each other unless we find a room in which to hold it. C'est What actually has such a room, but I don't know what it'll cost to rent it. I can find out if I hear back from 10 of you in the next 24 hours. A On Mon, Jul 14, 2014 at 03:30:33PM -0700, =JeffH wrote: > > On Thu, Jul 03, 2014 at 10:56:14PM -0000, John Levine wrote: > >> > >> We'll probably do a bar BOF in Toronto, since Toronto is reputed to > >> have many bars. Andrew may be able to offer insight here. > > > > Supposing I were able to suggest such a bar, when are people likely to > > be available? I currently still appear to have part of Sunday evening > > after the reception open, and I can think of a place not terribly far > > from the meeting hotel that, on Sunday night, might actually be able > > to accommodate a crowd of us such that we could have a bar BoF in a > > bar. I might even be willing to buy a whiteboard and easel to cart > > along. > > sounds good to me. Sun night is a possibility for me, as are tue/wed/thu AFAIK. > > I'm arriving early Sunday. > > =JeffH > > > _______________________________________________ > Dbound mailing list > Dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Mon Jul 14 20:45:35 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD7E61B27EF for ; Mon, 14 Jul 2014 20:45:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 1.563 X-Spam-Level: * X-Spam-Status: No, score=1.563 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jaJ0RDb2nsmP for ; Mon, 14 Jul 2014 20:45:34 -0700 (PDT) Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7A491A0296 for ; Mon, 14 Jul 2014 20:45:33 -0700 (PDT) Received: (qmail 86814 invoked from network); 15 Jul 2014 03:45:32 -0000 Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 15 Jul 2014 03:45:32 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=11dba.53c4a3dc.k1407; i=johnl@user.iecc.com; bh=lQhW+ol+y2MsmsoXt3H2NDonoBzlKPJnfbIm435H5RU=; b=D/XCuGziz4MV2IdrJDMRT2pW9oz15nqNGOzfmTe6K3SO4RUp1Vb1nsF1Vh5/7uBEzbXpPWgjowjGFgrqzC9+UD+JAevTReGOAGN/OWjDiddbfmgXDvW/vrwKcLs9+BuDuk1K80F+RM5tTNiJfrbnLK98yK5SKZhqHZ8ZL2nc8DxOKOK9Qe87tCj7v0+m9kaq37ZefsPHFyGsXvb66Ke+PL3PNf5606Z9ohUb7Pfk53nMIObcFhfF5LyW36H5Ar35 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=11dba.53c4a3dc.k1407; olt=johnl@user.iecc.com; bh=lQhW+ol+y2MsmsoXt3H2NDonoBzlKPJnfbIm435H5RU=; b=WR1HTgRWmg0EbjMOBMAw52d/w7h5VPprARD+w9rQo66Dpyd661SKWqLFhflqDhkOWncF/d8DjRqGJtX/Beo8wLNl/GcPGjVptmbOhFxmrHnNhw8RjPs9r1xTde146vPaNhpS70U7d8FmJa1w6oHYC5tsImexMS0bkTIwGVZJ28gOHHQEpBu9a6ADc+URP/vke8NNfTbdDSwJGrMlAg8JSF4FVMBllGMlZ8ZvsdUrU0TskeUopbcNjbP4Y5GLPeDo Date: 15 Jul 2014 03:45:10 -0000 Message-ID: <20140715034510.73145.qmail@joyce.lan> From: "John Levine" To: dbound@ietf.org In-Reply-To: <20140715003209.GD8641@crankycanuck.ca> Organization: X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/plFMBWRt9a5fbW_XIiCgMpWF6Eg Cc: ajs@anvilwalrusden.com Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jul 2014 03:45:34 -0000 Count me in, and thanks for taking care of it. R's, John From nobody Tue Jul 15 05:37:49 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D81961B2881 for ; Tue, 15 Jul 2014 05:37:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MfnrlURptB5c for ; Tue, 15 Jul 2014 05:37:46 -0700 (PDT) Received: from mail-ie0-x22f.google.com (mail-ie0-x22f.google.com [IPv6:2607:f8b0:4001:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE8D51B2886 for ; Tue, 15 Jul 2014 05:37:46 -0700 (PDT) Received: by mail-ie0-f175.google.com with SMTP id x19so4474253ier.20 for ; Tue, 15 Jul 2014 05:37:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=date:from:to:cc:message-id:in-reply-to:references:subject :mime-version:content-type:content-transfer-encoding :content-disposition; bh=4MQpBEM7cQfnYbvKFs5fQKi3SNfAhpLDW9qsHhdBsZY=; b=oNRVBxGyih9CHw0PZe/C4rgSnJx0Xvy1ZLVeMDWxIs9yU6814fVJGwzl+mJdOPN5h5 24deF/FtEI3etiKq3653ZiLwXIZoQJReR2X8SkTQlyF0zvUPea8OfsI7BZLL6ZRWWhhF Gc369zLJFXPxUUrsEGIS6h11TZDxVcAKeffsI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:message-id:in-reply-to :references:subject:mime-version:content-type :content-transfer-encoding:content-disposition; bh=4MQpBEM7cQfnYbvKFs5fQKi3SNfAhpLDW9qsHhdBsZY=; b=jhjyWevENBSgxHp52Pg9GjgXIvlcztfg6qOBy9AtlgCwDdpFeGYB/P6Bb2WFBUIBBh rnCnz+pVzpeu/P2hLR7jdorwYE4Al4TFDBlD1qhn5ngcsj+QAoYsWLxGva64Z4BOvrar o3tlw8u9ShM21JbGjbAOu3afU4Frp2VaCAyx0uBf8XNSPPCaD+PZZrT9BoSj1rmgLVDk GvhAukJ5u0ujvSKcIFBKffppAMERGHGqsrKEKQIDoYrvp6Am40n0ZdiQJAbdk9qcTyC/ fDvc01Qsec/x6XIj3pKYAvq/Skz2lF/R4MvCM9RnKMPzMuudEgG25mwgDFeNUwt1al1F 0JLg== X-Gm-Message-State: ALoCoQmIJQTKlP5nurRNZx5yUPAGJO7eB/j2PyB4AN4vspRaaU0nMtM5sVSNh93PYbbqpp4JmgN5 X-Received: by 10.42.76.205 with SMTP id f13mr11292876ick.63.1405427865950; Tue, 15 Jul 2014 05:37:45 -0700 (PDT) Received: from walrus.hopcount.ca (135-23-234-114.cpe.pppoe.ca. [135.23.234.114]) by mx.google.com with ESMTPSA id vk3sm34473833igb.17.2014.07.15.05.37.45 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 15 Jul 2014 05:37:45 -0700 (PDT) Date: Tue, 15 Jul 2014 08:37:44 -0400 From: Joe Abley To: John Levine , dbound@ietf.org Message-ID: In-Reply-To: <20140715034510.73145.qmail@joyce.lan> References: <20140715034510.73145.qmail@joyce.lan> X-Mailer: Airmail (237) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/JwwpdnrgSFikM1XPPkL82XX_KNs Cc: ajs@anvilwalrusden.com Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jul 2014 12:37:48 -0000 On 14 July 2014 at 23:45:38, John Levine (johnl@taugh.com) wrote: > Count me in, and thanks for taking care of it. Ditto. Joe From nobody Tue Jul 15 08:10:02 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A99B1B28DE for ; Tue, 15 Jul 2014 08:10:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xf-19rjLxkH0 for ; Tue, 15 Jul 2014 08:09:58 -0700 (PDT) Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80CE81B28BA for ; Tue, 15 Jul 2014 08:09:34 -0700 (PDT) Received: from [192.168.1.66] (76-218-8-156.lightspeed.sntcca.sbcglobal.net [76.218.8.156]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s6FF9TqD027772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 15 Jul 2014 08:09:33 -0700 Message-ID: <53C543C3.6050905@dcrocker.net> Date: Tue, 15 Jul 2014 08:07:47 -0700 From: Dave Crocker Organization: Brandenburg InternetWorking User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Andrew Sullivan , dbound@ietf.org References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> In-Reply-To: <20140715003209.GD8641@crankycanuck.ca> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Tue, 15 Jul 2014 08:09:33 -0700 (PDT) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/0wxZoDPD4L3Fh8AT1ak03x4emrQ Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: dcrocker@bbiw.net List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jul 2014 15:10:00 -0000 On 7/14/2014 5:32 PM, Andrew Sullivan wrote: > If I arranged this, how > many people would show? +1 d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From nobody Tue Jul 15 09:58:39 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 257DD1B28EE for ; Tue, 15 Jul 2014 09:58:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 485fWt9b8UOp for ; Tue, 15 Jul 2014 09:58:34 -0700 (PDT) Received: from mail-pa0-f49.google.com (mail-pa0-f49.google.com [209.85.220.49]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0E8C1B28EC for ; Tue, 15 Jul 2014 09:58:34 -0700 (PDT) Received: by mail-pa0-f49.google.com with SMTP id hz1so3638784pad.8 for ; Tue, 15 Jul 2014 09:58:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=dlbqhvBPCg0T7NbniHdcv6wLIk8ZTRSgBR8Xk8Iz1rE=; b=JYqlSC9OItkuT1hYF21GVxwCtzdCghdHJLSpj+bekwmq855I80sFUYkFw9/djW0rcr KA1j8xvtxxIIhaPOq8zKGLiPfryD08JQlD5Uwzs3+3LijwBWx/w6aHiqXCKBTILmkmv8 Y/j335FQpqHiSUIhZ3O6AxEFI32S2bi+TAQb2kEG81W3n1ZfCCyx64o7sxb2FgXhQUNe dkgkP8EN81uiZ/PdXLbZ+Ho7HUjqk/SKvxW/5kNOkeCmCwakQfAQkPBW/MliCE66T5fd HZqvAvkbPm9x7Pi+UcEhSxGaGy3x1vmY52x0ALA1OFAzqRqhDdgMY0Lu/poIr2z+wxTe BbWw== X-Gm-Message-State: ALoCoQk83T2SRR4L6cVPcd3Nxowl4Vp32F4EtdR5hrTD619XeQGeK/8QnPXe1GiURI0lk2/t10px X-Received: by 10.68.68.131 with SMTP id w3mr23994687pbt.90.1405443514203; Tue, 15 Jul 2014 09:58:34 -0700 (PDT) Received: from [10.0.1.3] (c-24-6-168-86.hsd1.ca.comcast.net. [24.6.168.86]) by mx.google.com with ESMTPSA id c17sm19304077pdm.33.2014.07.15.09.58.32 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 15 Jul 2014 09:58:33 -0700 (PDT) Content-Type: multipart/signed; boundary="Apple-Mail=_3F66E946-9347-47E6-A28C-3CCF1380A095"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) From: David Conrad In-Reply-To: <20140715003209.GD8641@crankycanuck.ca> Date: Tue, 15 Jul 2014 09:58:30 -0700 Message-Id: References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> To: Andrew Sullivan X-Mailer: Apple Mail (2.1878.6) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/WZO0myaPOV3rFFq3IPVsM1x28yg Cc: dbound@ietf.org Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jul 2014 16:58:37 -0000 --Apple-Mail=_3F66E946-9347-47E6-A28C-3CCF1380A095 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii On Jul 14, 2014, at 5:32 PM, Andrew Sullivan wrote: > If I arranged this, how many people would show? +1 Regards, -drc --Apple-Mail=_3F66E946-9347-47E6-A28C-3CCF1380A095 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJTxV22AAoJENV6ebf0/4rXSicH/RD1Nf0W74n+29Il6qcuXyC5 fuAh3v25S1YHw6dtNEJGtqR8jH4Wniimtcv8Sg5D9sbZqYmNtyZPSkfPBlXRiq+O 1vK+rNelez5EIzsdY48PFUQQ+ve/it/pDfarmiXDlj87KyoFBm64WwqakakIGMmJ RmZPrEHJzzufmYrjNdr/uGdzRwCWbhWLs0BR/TA5qjs2CX90EIO/szEIhaOfQ+s+ n6p86yuPRazIB+O9ynxVemC9Rc/1b6CGsQWK/VYGmHDxSQ+bgJ4t22U+4GdyVMz1 KQbVFGfRSXUwGw0OcdK/GBx2uWQwqB8X1ITEoXUjZam3/XzP4eI9bD1CnUaXgaQ= =l6bc -----END PGP SIGNATURE----- --Apple-Mail=_3F66E946-9347-47E6-A28C-3CCF1380A095-- From nobody Tue Jul 15 14:32:09 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC0881A0769 for ; Tue, 15 Jul 2014 08:06:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l83ih9mCmksA for ; Tue, 15 Jul 2014 08:06:24 -0700 (PDT) Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7310E1A0654 for ; Tue, 15 Jul 2014 08:06:24 -0700 (PDT) Received: from [192.168.1.66] (76-218-8-156.lightspeed.sntcca.sbcglobal.net [76.218.8.156]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s6FF6ILD027508 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 15 Jul 2014 08:06:22 -0700 Message-ID: <53C54304.4020909@bbiw.net> Date: Tue, 15 Jul 2014 08:04:36 -0700 From: Dave Crocker Organization: Brandenburg InternetWorking User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Andrew Sullivan , dbound@ietf.org References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> In-Reply-To: <20140715003209.GD8641@crankycanuck.ca> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.67]); Tue, 15 Jul 2014 08:06:22 -0700 (PDT) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/_3bPIb_z7_lDLYBDr7aSJXMrj8U X-Mailman-Approved-At: Tue, 15 Jul 2014 14:32:09 -0700 Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jul 2014 15:06:30 -0000 On 7/14/2014 5:32 PM, Andrew Sullivan wrote: > If I arranged this, how > many people would show? +1 d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From nobody Tue Jul 15 18:54:15 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 002C01B29F7 for ; Tue, 15 Jul 2014 18:54:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.851 X-Spam-Level: X-Spam-Status: No, score=-4.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wTp0tRTNbgQF for ; Tue, 15 Jul 2014 18:54:12 -0700 (PDT) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A3BB1B29F6 for ; Tue, 15 Jul 2014 18:54:12 -0700 (PDT) Received: from [192.168.100.78] ([50.21.201.163]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id s6G1rnFH006006 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 15 Jul 2014 18:53:59 -0700 (PDT) Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) Content-Type: text/plain; charset=windows-1252 From: manning bill In-Reply-To: Date: Tue, 15 Jul 2014 18:53:49 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <09DFF490-268A-4A03-A6D8-A7ADE6FE2603@isi.edu> References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> To: David Conrad X-Mailer: Apple Mail (2.1878.2) X-ISI-4-43-8-MailScanner: Found to be clean X-MailScanner-From: bmanning@isi.edu Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/SeBkmE2vw051xYTP-CxbCbGYxMY Cc: Andrew Sullivan , dbound@ietf.org Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 01:54:14 -0000 if there is still room=85 /bill PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 15July2014Tuesday, at 9:58, David Conrad wrote: > On Jul 14, 2014, at 5:32 PM, Andrew Sullivan = wrote: >> If I arranged this, how many people would show? =20 >=20 > +1 >=20 > Regards, > -drc >=20 > _______________________________________________ > Dbound mailing list > Dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound From nobody Wed Jul 16 10:27:03 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A23A1A00E1 for ; Wed, 16 Jul 2014 10:27:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.559 X-Spam-Level: ** X-Spam-Status: No, score=2.559 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZTMgfe-H3K6w for ; Wed, 16 Jul 2014 10:26:59 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36F231A00B8 for ; Wed, 16 Jul 2014 10:26:58 -0700 (PDT) Received: from mx1.yitter.info (69-165-131-253.dsl.teksavvy.com [69.165.131.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 887938A031 for ; Wed, 16 Jul 2014 17:26:57 +0000 (UTC) Date: Wed, 16 Jul 2014 13:26:56 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140716172655.GF10111@mx1.yitter.info> References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140715003209.GD8641@crankycanuck.ca> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/jcrdpRfmSWpbNf7NuTDCpw6lJkU Subject: Re: [Dbound] organizing bar bof X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 17:27:01 -0000 Hi, On Mon, Jul 14, 2014 at 08:32:09PM -0400, Andrew Sullivan wrote: > I _bet_ that on a Tues night, a group of us could get together at > http://www.cestwhat.com/ and get a big enough space to seat the > relevant numbers. If we asked nicely, we might be able to get it > quiet enough that we could all hear each other. I've arranged for this. I've heard from 11 people (including me) so far. C'est What has agreed to give us a room ("the Library") with the music turned down. Both food and drink will be cash & carry at the bar -- we won't have service in the room. They'll set us up for 20 people, because in my experience these side meetings tend to collect additional people. There are strict requirements that we not exceed 30 people, so I'd really appreciate it if people who are planning to come keep letting me know. They appear not to be charging for this room, so I hope you all tip well. C'est What is a few blocks east along Front Street, which is where the front entrance of the Fairmont Royal York faces (there's a giant pit there right now). C'est What is in the basement of a building on the south side of Front, on the east side of Church. (In Toronto, for practical purposes, the lake is always south of you.) Here's a map: https://goo.gl/maps/J0BGO. Does it seem useful if I go to a stationers' and pick up a small portable whiteboard? A -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Wed Jul 16 10:36:07 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D8B1A015F for ; Wed, 16 Jul 2014 10:35:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.378 X-Spam-Level: X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XwOZKIsVxYrg for ; Wed, 16 Jul 2014 10:35:59 -0700 (PDT) Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16A6E1A00E7 for ; Wed, 16 Jul 2014 10:32:37 -0700 (PDT) Received: by mail-ie0-f173.google.com with SMTP id tr6so1053912ieb.32 for ; Wed, 16 Jul 2014 10:32:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deccio.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=eMhpLYo+aqyA9y35deN2KjvxPgxHJ+0J3MipYsjkG20=; b=TsvlPUchd1TV328PMAQkTf7jjGdg5P0fonvBPAEQOzF0OdK3qlzq4UsgrjU3Kw7jTb QfebKGqgHiF2BHQtrUm3BC2xnQqVNX92l142oMPv5F/XPC8euQCNV1Q7DY7eUXVMqcdO 9ODeVaHBO59QWXtYRhC/O7Z/Ih3v28F7k8GXs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=eMhpLYo+aqyA9y35deN2KjvxPgxHJ+0J3MipYsjkG20=; b=ScANkxPBh1Ee+fTyTtj65E/XJNtbLv8sRBwcNtP8evYBr63u55q9XX9T6PvCEH6rrG +jB6Q3voIhrGxCc27Z8FM4SjRgDCbRpIgUIJUdVJ/XpQETDvnpGut0Jy/RQF7Fv2HweM vZq9FXN2R27l9/RPY16bhLRlWQpHno++6ygsJtqd4Gy4djypizyPcZ0GqCWC6c3X7AYz kDkHD/TRptntael/RheW3cpO/xRtGV5achMjzbjIAATgpZLlk28jGGaXXNdD8iWcohXF eYFuGxPtZj1QpYSQ2WQmb44QYao6GLsCIALYmewIiSI6COz5a6BCGrQgmqI75RCZAzEM TX9Q== X-Gm-Message-State: ALoCoQmp7GwclcZm8od8Q8cJuzJZfjMNHfCLzv9WEAKX3NaqVD8TLx6Zc0Gn/Mhlgjb9FGt6s9Ha MIME-Version: 1.0 X-Received: by 10.50.126.7 with SMTP id mu7mr18707073igb.20.1405531956222; Wed, 16 Jul 2014 10:32:36 -0700 (PDT) Received: by 10.50.37.129 with HTTP; Wed, 16 Jul 2014 10:32:36 -0700 (PDT) In-Reply-To: <20140716172655.GF10111@mx1.yitter.info> References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> <20140716172655.GF10111@mx1.yitter.info> Date: Wed, 16 Jul 2014 13:32:36 -0400 Message-ID: From: Casey Deccio To: Andrew Sullivan Content-Type: multipart/alternative; boundary=047d7b2e1285f8b80304fe52e85b Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/A0oX-dHQ5H4oBhTXLhRZzsK2iIk Cc: dbound@ietf.org Subject: Re: [Dbound] organizing bar bof X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 17:36:00 -0000 --047d7b2e1285f8b80304fe52e85b Content-Type: text/plain; charset=UTF-8 On Wed, Jul 16, 2014 at 1:26 PM, Andrew Sullivan wrote: > I've arranged for this. I've heard from 11 people (including me) so far. > > ... > I'd really appreciate it if people who are planning to > come keep letting me know. I plan to attend. Thanks for setting it up! Casey --047d7b2e1285f8b80304fe52e85b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On Wed, Jul 16, 2014 at 1:26 PM, Andrew Sullivan <aj= s@anvilwalrusden.com> wrote:
I've arranged for this. =C2=A0I've h= eard from 11 people (including me) so far.

...
I'd really appreci= ate it if people who are planning to
come keep letting me know.
=C2=A0
I plan to atte= nd.=C2=A0 Thanks for setting it up!

Casey
--047d7b2e1285f8b80304fe52e85b-- From nobody Wed Jul 16 10:36:58 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE9331A00F4 for ; Wed, 16 Jul 2014 10:36:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.079 X-Spam-Level: X-Spam-Status: No, score=-0.079 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ho5yKEBBp7Ck for ; Wed, 16 Jul 2014 10:36:40 -0700 (PDT) Received: from mail-we0-f173.google.com (mail-we0-f173.google.com [74.125.82.173]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BB551A0120 for ; Wed, 16 Jul 2014 10:34:49 -0700 (PDT) Received: by mail-we0-f173.google.com with SMTP id q58so1293723wes.4 for ; Wed, 16 Jul 2014 10:34:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=EdrzLBhvSlSBI6uLf4nObnbrLasUH3qX+pk+VDNPzHY=; b=fOvTMm8zjE7UzGI1m6g9brOWcTrppxZs9vC3uCmZB2iY6HTEcHAm8Y6dR0UW+U6iy2 4skZYTBQA51byvvyHVEX8Knn3CpUvZfLybD3KXaZPEzrVvPJIOjSblVZ/aTkadePpG75 vbkyto0d3KKR0BYt9J+oCXmmZ/i7OO4w9juCSRzfs4nlLXsKEjh6MipZ7xVTGGdIAfCx tiDntTVLvCoLcNp+1arlJYCQnqLW9DaQg4Oz2zF5JxwvrMGO6qW0/qgBHCY65xQ9JW6k K6q1+4CSvvOStybFdJj4QMh1FkdGiskh6pIZRCQAXLGdua1vRMITSOh4Q65OfOoHAEgy 1f8Q== X-Gm-Message-State: ALoCoQl8FAWIpse9dyv10yTfqzkDTs+JaEVsAVECNL/aZYXzQPqklVDRbPqm1/BMuXkXFCIVxiYX MIME-Version: 1.0 X-Received: by 10.194.222.230 with SMTP id qp6mr38158952wjc.23.1405532088588; Wed, 16 Jul 2014 10:34:48 -0700 (PDT) Received: by 10.194.248.233 with HTTP; Wed, 16 Jul 2014 10:34:48 -0700 (PDT) In-Reply-To: <20140716172655.GF10111@mx1.yitter.info> References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> <20140716172655.GF10111@mx1.yitter.info> Date: Wed, 16 Jul 2014 13:34:48 -0400 Message-ID: From: Warren Kumari To: Andrew Sullivan Content-Type: text/plain; charset=UTF-8 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/MPNFIX-uK1prC1AYWnSx7LW8qhM Cc: dbound@ietf.org Subject: Re: [Dbound] organizing bar bof X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 17:36:46 -0000 Time? Oh, and I just bought a big flipchart thingie from Staples. Should still have a fair number of pages free on Tuesday, can bring it along. Otherwise, whiteboards are ~$40CAD, and markers for ~$7 CAD. W On Wed, Jul 16, 2014 at 1:26 PM, Andrew Sullivan wrote: > Hi, > > On Mon, Jul 14, 2014 at 08:32:09PM -0400, Andrew Sullivan wrote: > >> I _bet_ that on a Tues night, a group of us could get together at >> http://www.cestwhat.com/ and get a big enough space to seat the >> relevant numbers. If we asked nicely, we might be able to get it >> quiet enough that we could all hear each other. > > I've arranged for this. I've heard from 11 people (including me) so far. > > C'est What has agreed to give us a room ("the Library") with the music > turned down. Both food and drink will be cash & carry at the bar -- > we won't have service in the room. They'll set us up for 20 people, > because in my experience these side meetings tend to collect > additional people. There are strict requirements that we not exceed > 30 people, so I'd really appreciate it if people who are planning to > come keep letting me know. They appear not to be charging for this > room, so I hope you all tip well. > > C'est What is a few blocks east along Front Street, which is where the > front entrance of the Fairmont Royal York faces (there's a giant pit > there right now). C'est What is in the basement of a building on the > south side of Front, on the east side of Church. (In Toronto, for > practical purposes, the lake is always south of you.) Here's a map: > https://goo.gl/maps/J0BGO. > > Does it seem useful if I go to a stationers' and pick up a small > portable whiteboard? > > A > > -- > Andrew Sullivan > ajs@anvilwalrusden.com > > _______________________________________________ > Dbound mailing list > Dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound From nobody Wed Jul 16 10:38:42 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEB0C1A00FF for ; Wed, 16 Jul 2014 10:38:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.141 X-Spam-Level: X-Spam-Status: No, score=-0.141 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7egCpc8bMjNi for ; Wed, 16 Jul 2014 10:38:33 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF1091A008B for ; Wed, 16 Jul 2014 10:38:33 -0700 (PDT) Received: from mx1.yitter.info (69-165-131-253.dsl.teksavvy.com [69.165.131.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id A35308A031 for ; Wed, 16 Jul 2014 17:38:32 +0000 (UTC) Date: Wed, 16 Jul 2014 13:38:31 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140716173831.GH10111@mx1.yitter.info> References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> <20140716172655.GF10111@mx1.yitter.info> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140716172655.GF10111@mx1.yitter.info> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/VMLgxZhZoPi7sKz_1QkbJNG2EsY Subject: Re: [Dbound] organizing bar bof X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 17:38:35 -0000 Oops, forgot to say, I told them 19:30, which gives us time to get there after the 18:40 end of the previous session. A On Wed, Jul 16, 2014 at 01:26:56PM -0400, Andrew Sullivan wrote: > Hi, > > On Mon, Jul 14, 2014 at 08:32:09PM -0400, Andrew Sullivan wrote: > > > I _bet_ that on a Tues night, a group of us could get together at > > http://www.cestwhat.com/ and get a big enough space to seat the > > relevant numbers. If we asked nicely, we might be able to get it > > quiet enough that we could all hear each other. > > I've arranged for this. I've heard from 11 people (including me) so far. > > C'est What has agreed to give us a room ("the Library") with the music > turned down. Both food and drink will be cash & carry at the bar -- > we won't have service in the room. They'll set us up for 20 people, > because in my experience these side meetings tend to collect > additional people. There are strict requirements that we not exceed > 30 people, so I'd really appreciate it if people who are planning to > come keep letting me know. They appear not to be charging for this > room, so I hope you all tip well. > > C'est What is a few blocks east along Front Street, which is where the > front entrance of the Fairmont Royal York faces (there's a giant pit > there right now). C'est What is in the basement of a building on the > south side of Front, on the east side of Church. (In Toronto, for > practical purposes, the lake is always south of you.) Here's a map: > https://goo.gl/maps/J0BGO. > > Does it seem useful if I go to a stationers' and pick up a small > portable whiteboard? > > A > > -- > Andrew Sullivan > ajs@anvilwalrusden.com > > _______________________________________________ > Dbound mailing list > Dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Wed Jul 16 10:51:06 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC0641A014B for ; Wed, 16 Jul 2014 10:51:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WBPNl4u1RkjW for ; Wed, 16 Jul 2014 10:51:04 -0700 (PDT) Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E00E11A014D for ; Wed, 16 Jul 2014 10:51:03 -0700 (PDT) Received: from [192.168.1.66] (76-218-8-156.lightspeed.sntcca.sbcglobal.net [76.218.8.156]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s6GHow1G018272 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 16 Jul 2014 10:51:01 -0700 Message-ID: <53C6BB1B.5050504@dcrocker.net> Date: Wed, 16 Jul 2014 10:49:15 -0700 From: Dave Crocker Organization: Brandenburg InternetWorking User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Warren Kumari , Andrew Sullivan References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> <20140716172655.GF10111@mx1.yitter.info> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Wed, 16 Jul 2014 10:51:02 -0700 (PDT) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/htNXZs0CS0AzlaNz5SDClnyLafM Cc: dbound@ietf.org Subject: Re: [Dbound] organizing bar bof X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: dcrocker@bbiw.net List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 17:51:05 -0000 On 7/16/2014 10:34 AM, Warren Kumari wrote: > Oh, and I just bought a big flipchart thingie from Staples. Should > still have a fair number of pages free on Tuesday, can bring it along. > Otherwise, whiteboards are ~$40CAD, and markers for ~$7 CAD. What about, instead, using a shared online venue? editpad or google-something or...? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net From nobody Wed Jul 16 10:58:59 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D27831A012D for ; Wed, 16 Jul 2014 10:58:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.141 X-Spam-Level: X-Spam-Status: No, score=-0.141 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3WsAurn2KosE for ; Wed, 16 Jul 2014 10:58:58 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEB8D1A0110 for ; Wed, 16 Jul 2014 10:58:57 -0700 (PDT) Received: from mx1.yitter.info (69-165-131-253.dsl.teksavvy.com [69.165.131.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id F18158A031 for ; Wed, 16 Jul 2014 17:58:55 +0000 (UTC) Date: Wed, 16 Jul 2014 13:58:54 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140716175854.GK10111@mx1.yitter.info> References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> <20140716172655.GF10111@mx1.yitter.info> <53C6BB1B.5050504@dcrocker.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <53C6BB1B.5050504@dcrocker.net> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/KNLsIreFAcKaJCD1I4V5nVtS3zk Subject: Re: [Dbound] organizing bar bof X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jul 2014 17:58:59 -0000 On Wed, Jul 16, 2014 at 10:49:15AM -0700, Dave Crocker wrote: > > What about, instead, using a shared online venue? C'est What does have wifi access, but I bet it can't stand up to even 10 IETFers at the same time. A -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Sat Jul 19 18:45:10 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26B1B1B2B52 for ; Sat, 19 Jul 2014 18:45:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.232 X-Spam-Level: X-Spam-Status: No, score=0.232 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AdJkovTD_SlZ for ; Sat, 19 Jul 2014 18:45:06 -0700 (PDT) Received: from gproxy2-pub.mail.unifiedlayer.com (gproxy2-pub.mail.unifiedlayer.com [69.89.18.3]) by ietfa.amsl.com (Postfix) with SMTP id 2CE701A030C for ; Sat, 19 Jul 2014 18:45:06 -0700 (PDT) Received: (qmail 31236 invoked by uid 0); 20 Jul 2014 01:45:02 -0000 Received: from unknown (HELO cmgw4) (10.0.90.85) by gproxy2.mail.unifiedlayer.com with SMTP; 20 Jul 2014 01:45:02 -0000 Received: from box514.bluehost.com ([74.220.219.114]) by cmgw4 with id UXkx1o00Q2UhLwi01Xl0mD; Sun, 20 Jul 2014 01:45:00 -0600 X-Authority-Analysis: v=2.1 cv=OcELUHjY c=1 sm=1 tr=0 a=9W6Fsu4pMcyimqnCr1W0/w==:117 a=9W6Fsu4pMcyimqnCr1W0/w==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=ekOJvlQLSnQA:10 a=jCU3pe4Ne5MA:10 a=3NT3xRclEPMA:10 a=8nJEP1OIZ-IA:10 a=ieNpE_y6AAAA:8 a=XYUc-DgfXtMA:10 a=aQyOShshic0A:10 a=EUJEw3l2AAAA:8 a=JH8OdoQRBygpbWiAzSAA:9 a=wPNLvfGTeEIA:10 a=nq4nzKhjzMYA:10 a=RDuRYoylFdMA:10 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default; h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=bmTR+pHFm8xhRJbDMhkj72SA60AvCLyZ5m3+7bwEbD0=; b=Qs0uDC6IK8954zYSDpJ+Cop43M42Aofh0SXAVYbscEkmRSRZPC+k+8Kl5lQwonvWHW8uuLvhX8KH8c2rZVFv1sBVU0MAADMdthwC2aIkWUY3zQU+U0xc9RAd4QOrXa+e; Received: from [98.248.231.21] (port=60388 helo=[192.168.11.14]) by box514.bluehost.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from ) id 1X8gBO-0007y2-Rs for dbound@ietf.org; Sat, 19 Jul 2014 19:44:59 -0600 Message-ID: <53CB1F15.5090308@KingsMountain.com> Date: Sat, 19 Jul 2014 18:44:53 -0700 From: =JeffH User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: dbound@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 98.248.231.21 authed with jeff.hodges+kingsmountain.com} Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/oFmVooAuJek1yDlZAxs2xpx0qho Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2014 01:45:08 -0000 > On Mon, Jul 14, 2014 at 08:32:09PM -0400, Andrew Sullivan wrote: > >> I _bet_ that on a Tues night, a group of us could get together at >> http://www.cestwhat.com/ and get a big enough space to seat the >> relevant numbers. If we asked nicely, we might be able to get it >> quiet enough that we could all hear each other. > > I've arranged for this. I've heard from 11 people (including me) so far. > in case you hadn't counted me, i'm a +1 thx =JeffH From nobody Sun Jul 20 21:34:22 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31CAC1B2D5B for ; Sun, 20 Jul 2014 21:34:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.977 X-Spam-Level: X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c0VYdvTbSxno for ; Sun, 20 Jul 2014 21:34:20 -0700 (PDT) Received: from mail-oa0-f53.google.com (mail-oa0-f53.google.com [209.85.219.53]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24E721B2CC8 for ; Sun, 20 Jul 2014 21:34:20 -0700 (PDT) Received: by mail-oa0-f53.google.com with SMTP id j17so6702122oag.12 for ; Sun, 20 Jul 2014 21:34:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=cnoGRPKV2ETEr7PVOCnynDPLx8+kxC7Apd9qWKikAOg=; b=a5RQ7pBXbwVmFCcjV6xdK3TDOKLp4dlD/U6vKnQesWuKkmi7x6wl/cIrM6PCaEh8WW c7pTRO6XLFmP8mR415isSibAAwI+239ZIaZrk7xzmBq+soSxlSDER05V/vPuh+NaVYVr a03Z2PclRP3GIAfmyrWhtSU/Y6NJbgJpGdThvKOvn5Ro1WsuxIh75OREWPnEK/bv7it3 gHsBlsRHl3booxfpG+TgGICxsxv9vcml9g+/5WerNw7vd9LAHMIXBiqPmT3WUMn4oZRm p/qcHqorid4DC5qNkiLI4MNtRVUgquiIm7KE58OJdVJZattvhKVqAW48rRNi6jjHvA0a eZNg== X-Gm-Message-State: ALoCoQkk85o0Mp4WT16bAaq/wry6qDpouGNxGV2cd6b1dGxZKZwp80s03xE3EpiGuAkpL+Mp9Kqe MIME-Version: 1.0 X-Received: by 10.60.62.148 with SMTP id y20mr32842496oer.80.1405917259474; Sun, 20 Jul 2014 21:34:19 -0700 (PDT) Received: by 10.182.224.168 with HTTP; Sun, 20 Jul 2014 21:34:19 -0700 (PDT) In-Reply-To: <53C45A09.9040807@KingsMountain.com> References: <53C45A09.9040807@KingsMountain.com> Date: Sun, 20 Jul 2014 21:34:19 -0700 Message-ID: From: Jothan Frakes To: "dbound@ietf.org" Content-Type: multipart/alternative; boundary=047d7b67017fd5bc3e04feac9e72 Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/0YJ4J0FhvQ0eAmDHfDeRS_MINv8 Subject: Re: [Dbound] organizing bar bof (was: Are there any deliverables?) X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jul 2014 04:34:21 -0000 --047d7b67017fd5bc3e04feac9e72 Content-Type: text/plain; charset=UTF-8 Hi- Can't attend the Toronto IETF due to a schedule conflict. Have a great meeting, though. Sorry I will miss this bar bof -jothan -- Jothan Frakes Tel: +1.206-355-0230 --047d7b67017fd5bc3e04feac9e72 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi-

Can't attend the Toronto IETF due to a schedule = conflict. =C2=A0Have a great meeting, though. =C2=A0Sorry I will miss this = bar bof

-jothan


--

Jothan Frakes
Tel: +1.206-355-0230


--047d7b67017fd5bc3e04feac9e72-- From nobody Tue Jul 22 06:33:30 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77C5F1B27C9 for ; Tue, 22 Jul 2014 06:33:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 2.561 X-Spam-Level: ** X-Spam-Status: No, score=2.561 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311, URIBL_DBL_ABUSE_REDIR=0.001, URIBL_DBL_REDIR=0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zPgxPXyOErBa for ; Tue, 22 Jul 2014 06:33:27 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6134D1B27DC for ; Tue, 22 Jul 2014 06:33:27 -0700 (PDT) Received: from mx1.yitter.info (dhcp-9306.meeting.ietf.org [31.133.147.6]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 7E1758A031 for ; Tue, 22 Jul 2014 13:33:26 +0000 (UTC) Date: Tue, 22 Jul 2014 09:33:22 -0400 From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20140722133322.GG19512@mx1.yitter.info> References: <53C45A09.9040807@KingsMountain.com> <20140715003209.GD8641@crankycanuck.ca> <20140716172655.GF10111@mx1.yitter.info> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140716172655.GF10111@mx1.yitter.info> User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/j6Aa14irsJmv4R5ZhdqKY-eALqQ Subject: Re: [Dbound] organizing bar bof X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jul 2014 13:33:28 -0000 Hi all, A reminder that we have our bar BoF this evening. On Wed, Jul 16, 2014 at 01:26:56PM -0400, Andrew Sullivan wrote: > > I've arranged for this. I've heard from 11 people (including me) so far. By my current count, we've got 15 or 16 responses (someone's "maybe"). If you're now planning to come, _please_ let me know, so that I can warn the bar if we're running up against our planned numbers. Directions are in the quoted mail below. The reservation is for 19:30 Toronto time today, but if you show up a little early I bet they won't mind. Remember that we won't have table service, so if you are going to be hungry you'll likely want to take that into consideration. See you this evening. > C'est What has agreed to give us a room ("the Library") with the music > turned down. Both food and drink will be cash & carry at the bar -- > we won't have service in the room. They'll set us up for 20 people, > because in my experience these side meetings tend to collect > additional people. There are strict requirements that we not exceed > 30 people, so I'd really appreciate it if people who are planning to > come keep letting me know. They appear not to be charging for this > room, so I hope you all tip well. > > C'est What is a few blocks east along Front Street, which is where the > front entrance of the Fairmont Royal York faces (there's a giant pit > there right now). C'est What is in the basement of a building on the > south side of Front, on the east side of Church. (In Toronto, for > practical purposes, the lake is always south of you.) Here's a map: > https://goo.gl/maps/J0BGO. > > Does it seem useful if I go to a stationers' and pick up a small > portable whiteboard? > > A > > -- > Andrew Sullivan > ajs@anvilwalrusden.com > > _______________________________________________ > Dbound mailing list > Dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Tue Jul 29 14:56:00 2014 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2C801B28B5 for ; Tue, 29 Jul 2014 14:55:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.141 X-Spam-Level: X-Spam-Status: No, score=-0.141 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ii9j30e3_bu for ; Tue, 29 Jul 2014 14:55:57 -0700 (PDT) Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AB291B2821 for ; Tue, 29 Jul 2014 14:55:57 -0700 (PDT) Received: from crankycanuck.ca (nat-08-mht.dyndns.com [216.146.45.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 530FC8A031 for ; Tue, 29 Jul 2014 21:55:55 +0000 (UTC) Date: Tue, 29 Jul 2014 17:55:53 -0400 From: ajs@anvilwalrusden.com To: dbound@ietf.org Message-ID: <20140729215553.GG27202@crankycanuck.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/rOtPKeotyiAjo5JAR_GWv8QieCo Subject: [Dbound] [cdeccio@verisign.com: dbound meeting notes] X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2014 21:55:59 -0000 Hi all, As some of you may recall (perhaps because you were there!), we had a side meeting at IETF 90 in Toronto in order to try to get some progress on this work. Casey Deccio was kind enough to take notes and to send them to me to be posted. They match my memory, so I've included them unmolested below. To me, there were three main themes that came out. First, there appeared to be a very strong sense that we need the _location_ of a policy had to be distinct from the statement of the policy itself. There is a potential latency pitfall here, but it seems likely manageable. Another way to think of this is the distinction between placing a boundary marker, and the boundary itself. Second, there are three different use cases that all seem to need somehow to be accommodated. We must be able to express "responsible for below me". This mechanism, for instance, is what you need for things like DMARC, where you're trying to assert (for instance) a mail administrative domain. We must be able to express ancestor-descendent in/out relationships, so that (for instance) public suffixes can say "I'm a delegation-centric name that accepts delegations from the public". This sort of approach is useful for reproducing the _current_ behaviour of cookies. Finally, there were fewer people but more enthusiastic who want to be able to express full cross-tree relationships, so that example.com and example.net can declare their relationship. This sort of scenario would help with both "IDN variants" and also for large businesses with many different domains (and cross-site scripting issues). Third, it is plan that some use cases will tolerate slightly less-accurate data in order to minimize latency or additional lookups (e.g. the "cookies" case). But contrast, some use cases require maximal accuracy at the expense of latency (e.g. CAs trying to determine correct boundaries when issuing certificates). At the end of the meeting, four of us said we'd work on a problem statement. I've since been contacted by Marc Blanchet, who wasn't able to make it but who apparently has some problem statement text already written. He said he'd send that to the I-D repository soon. Best regards, A ----- Forwarded message from "Deccio, Casey" ----- Date: Wed, 23 Jul 2014 22:11:59 +0000 From: "Deccio, Casey" To: Andrew Sullivan Subject: dbound meeting notes Hi Andrew, Here is my assortment of notes. They are really a (mostly) chronological documentation of comments, questions, and compilations that came up as we talked. Hope that's useful. Casey --------- Background/Motivation (Andrew) - complaint about public suffix list - entries being outdated - policies being handled by one individual - folks have attempted to do this within the DNS (e.g., finding zone cuts) Other/Considerations - desirable to handle mail policy using administrative boundaries - SSL certificate names could be consolidated - online/offline Problems - addressed by current public suffix list or future design (enumerated by group) 1. cookies 2. source domain/presented domain 3. wildcard certs 4. logging in certificate transparency 5. CA issuing problems (CN to auth agency mapping) 6. disjoint subtrees 7. common origin policy 8. DMARC policy covers subree 9. "extended TLD" 10. strict transport security 11. outsourcing Comments/Questions from remaining discussion: One idea for breaking this into two problems: - top-down policy - cross-tree policies Idea for divide and conquer: - distinguish make markers vs. use markers - distinguish marker and boundary Problem statement ideas: - "Are these two names 'the same'" for some definition of "the same"? - "If these names are equivalent, what is their canonical name?" - "Fundamental problem is that security policies are being read off domain names" Propose distinguishing between: - How to find policy? - How to communicate policy? Solution characteristics to consider: - online vs. offline - strict hierarchy - tree walking cost/benefit - self-publish vs. third party - retail vs. wholesale retrieval - fresh vs. cache | consistency/coherence / speed vs. accuracy Some PSL numbers read off (as of Sep 2013) - Only 4 gTLDs and 8 ccTLDs have more than 50 entries in current PSL - Most entries: - .jp 1750 - .no 755 - .museum 548 - .it 278 - Mean number of entries with 2+ labels per gTLD: 43 - Median number of entries with 2+ labels per gTLD: 0 Should policy for an organization be made by other organizations (e.g., mozilla for dyn)? Interest in establishing whether two domains map to the source domain Do we need to cover getting referral content (e.g., images for apple.com served by akamai) Comment: Don't want to just go out and find out who is the authority, but who is the authority and what is the policy? There are various common-authority-finding drafts and discussions going on in other working groups within the IETF - should we compile them? Making a solution too wide could violate policies that currently exist (or are in discussion) "Match" connotes a symmetric property, so use care with terminology (counter point - wildcard "match") Three primary components to administrative boundaries: - effective TLDs - public from top down (e.g., "co.uk") - domains below TLDs - public, followed by one or more private, followed by public (e.g., blogspot.com) - disjunct domains - associate two domains below TLD (e.g., foo.com with foo.net) Team for defining problem statement: - Jeff, John, Casey, Andrew ----- End forwarded message ----- -- Andrew Sullivan ajs@anvilwalrusden.com