From nobody Mon Feb 25 12:38:28 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1543713101B; Mon, 25 Feb 2019 12:38:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zV758vI1d__u; Mon, 25 Feb 2019 12:38:25 -0800 (PST) Received: from pacdcmhout01.cable.comcast.com (PACDCMHOUT01.cable.comcast.com [68.87.31.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C087130F82; Mon, 25 Feb 2019 12:38:25 -0800 (PST) X-AuditID: 44571fa7-a0dff70000021550-e6-5c745240fa21 Received: from PACDCEX21.cable.comcast.com (dlpemail-wc-5p.cable.comcast.com [24.40.13.176]) (using TLS with cipher AES256-SHA256 (256/256 bits)) (Client did not present a certificate) by pacdcmhout01.cable.comcast.com (SMTP Gateway) with SMTP id 3F.DD.05456.042547C5; Mon, 25 Feb 2019 15:38:24 -0500 (EST) Received: from PACDCEX19.cable.comcast.com (24.40.1.142) by PACDCEX21.cable.comcast.com (24.40.1.144) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 25 Feb 2019 15:38:23 -0500 Received: from PACDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8304]) by PACDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8304%19]) with mapi id 15.00.1395.000; Mon, 25 Feb 2019 15:38:23 -0500 From: "Brotman, Alexander" To: "art@ietf.org" , "dbound@ietf.org" CC: Stephen Farrell , "dnsop@ietf.org" Thread-Topic: Related Domains By DNS (RDBD) Draft Thread-Index: AdTNSNgC8Q46/YWfTPCiSrkXJ1OYgQ== Date: Mon, 25 Feb 2019 20:38:22 +0000 Message-ID: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [68.87.29.9] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Forward X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrPIsWRmVeSWpSXmKPExsUiocG7QdchqCTGoOWOuMWKux4Wuy5fY7e4 ++Yyi8X0vdfYHVg81nZfZfNYsuQnUwBTVAOjTUlGUWpiiUtqWmpecaodlwIGsElKTcsvSnVN LMqpDErNSU3ErgykMiU1J7MstUgfqzH6WM1J6GLKOPtnAntBP0dF0/oGxgbGXWxdjJwcEgIm EjMWdLN0MXJxCAnsYJK4eOgDO4Szi1HizIcmNgjnJJCz7CATSAubgJXE2//tzF2MHBwiAm4S +xZIg4SZBUIkNn5dwQISFhbQkVjyLxEkLCJgKPF71lEWCFtPYu7ti4wgNouAqsTEK1/AynkF vCQu7osECTMKiEl8P7WGCWKiuMStJ/OZIO4UkFiy5zwzhC0q8fLxP1YI20Bi69J9LBC2nMSy n3eYIXp1JBbs/sQGYWtLLFv4GizOKyAocXLmE6h6cYnDR3awTmAUm4Vk3Swk7bOQtM9C0r6A kWUVI4+ZhZ6FuZ6xoZ6hmfkmRmCycAmXX76DcfusjEOMAhyMSjy8K51KYoRYE8uKK3MPMUpw MCuJ8Ma9L44R4k1JrKxKLcqPLyrNSS0+xCjNwaIkzvvSE6haID2xJDU7NbUgtQgmy8TBKdXA GDft13nT41lT5j+pMX1fXfd3+e9TFfO/nlq/ePkSR8Gs1/erva3cixVSGyanSivLOEocEOav yrq5bcJtD6FXl3qvy7SyMm+vcJ8x9XCZzUn/KLmtPAkL6lKdHx0+e2qNttWdN8wn7Vtv/9rJ +kP70wyG1TIid5Zuiyitce/SkYk+fr1+mtMyCSWW4oxEQy3mouJEAJ8L5uwSAwAA Archived-At: Subject: [dbound] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Feb 2019 20:38:27 -0000 Hello, Stephen and I have spent a bit of time working on a draft to be able to sho= w a relationship between two domains. We're aware this subject has been co= vered a few times previously, especially in the DBOUND drafts, but we're ho= peful that a more simple approach might be more acceptable. The secondary= domain will create a DNS record that shows a link to a primary domain, and= the text should be able to be validated using the public key in a DNS reco= rd the primary domain shares. This is something akin to DKIM, a mechanism = that the email world uses to ensure the contents of a message have not been= tampered with. https://datatracker.ietf.org/doc/draft-brotman-rdbd/ We'll request that replies relating to this be sent to the dbound@ietf.org = due to the nature of the topic, but it was suggested that we might want to = notify a few other lists for their awareness. Thank you for your participa= tion and comments. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast From nobody Mon Feb 25 19:20:36 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D06AC130E6B for ; Mon, 25 Feb 2019 19:20:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=Ek/QVeow; dkim=pass (1536-bit key) header.d=taugh.com header.b=tPm+SHgO Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8G2x-1tQu22c for ; Mon, 25 Feb 2019 19:20:32 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7423E130E6C for ; Mon, 25 Feb 2019 19:20:30 -0800 (PST) Received: (qmail 2371 invoked from network); 26 Feb 2019 03:20:28 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=941.5c74b07c.k1902; bh=MiOidqlBZwjIHqFUMpDZe33cVI87JAE7vgFamJYn96Q=; b=Ek/QVeowGRZVejvngKUcOtOKyP6H9Ar7Gnt9KljlinBWwuX+dpbgPpOd47llrhwnZGlihAE5jghdPoft7tGiGnhTratYnRzSoovWPGBFgXnaYdQcRoVwevpLBnBQuljjQUC7W2eD9jxjJDzK31lvp7Fq20ZWKRCKl0Ca1a2OrCud85L9Z5VRq4jOE0bULOr0s+9GFmOdnlTkPCXEdDoGtxL3kHqbkv18h/qUVy1fj2oEL80Lk4miohdIcWaGs/fw DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=941.5c74b07c.k1902; bh=MiOidqlBZwjIHqFUMpDZe33cVI87JAE7vgFamJYn96Q=; b=tPm+SHgOG0peXIFLALu4BJ/5mTPEXHfVxFSPiYJk5GFcMqgyWRQ+uRieUJYnNe1FT+i+iqUjJQTS4kfwBfTpYNCKzjea5RfrBXOcia8J4vs/hdJHyjD7zE/grWB/bjkEyaukL0DTTwNeGPKGoDeKhjJSKN62bnpgVAbiT76ZmoNCwDUOSbD3NrLlwc1soi+uE04IHkfu69VrN9TWBvnHxwF/5kF36TD+N2oY9vvurmjVRzrJytA1kcSa0PJksSCA Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 26 Feb 2019 03:20:27 -0000 Received: by ary.local (Postfix, from userid 501) id B52BE200EC0B38; Mon, 25 Feb 2019 22:20:27 -0500 (EST) Date: 25 Feb 2019 22:20:27 -0500 Message-Id: <20190226032027.B52BE200EC0B38@ary.local> From: "John Levine" To: dbound@ietf.org Cc: Alexander_Brotman@comcast.com In-Reply-To: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 03:20:34 -0000 >https://datatracker.ietf.org/doc/draft-brotman-rdbd/ It seems overdesigned. If you need to trust the DNS anyway, you can just put pointers in both directions in the domains that are related to each other, no crypto needed. See Andrew Sullivan's SOPA draft from a few years ago. https://datatracker.ietf.org/doc/draft-sullivan-domain-policy-authority/ R's, John From nobody Tue Feb 26 01:17:08 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12F96130EA3 for ; Tue, 26 Feb 2019 01:17:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s_qKmm4H0xZX for ; Tue, 26 Feb 2019 01:17:04 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03B20130E9E for ; Tue, 26 Feb 2019 01:17:03 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9E866BE4C; Tue, 26 Feb 2019 09:17:01 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CaZO6GASRt9n; Tue, 26 Feb 2019 09:17:00 +0000 (GMT) Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E50A8BE2E; Tue, 26 Feb 2019 09:16:59 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551172620; bh=w3tWnhfaBRxNDxN3cQOgNfQlhVjPyHHP4fpA+duS4Kk=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=EIEQqImItEGpGu0uuDvrKEIg+cA6wUDKIu/3I6g3zoQHXVlbJo6OyIs0hOmMZlJ0W feiu9qaU0rMHN7u+mxl37q/fJvAgTssN02Fg8M7C0LAvhjOkWZdNXOpktyBZs0CahK kSNBqXJute98T0OIbDBoLZXkaEUA3dYPUJiSIvuc= To: John Levine , dbound@ietf.org Cc: Alexander_Brotman@comcast.com References: <20190226032027.B52BE200EC0B38@ary.local> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> Date: Tue, 26 Feb 2019 09:16:58 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <20190226032027.B52BE200EC0B38@ary.local> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="L5AmZYNqG5iJ3duhkZkPaUw9JOy1Uyyxa" Archived-At: Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 09:17:07 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --L5AmZYNqG5iJ3duhkZkPaUw9JOy1Uyyxa Content-Type: multipart/mixed; boundary="btHqznYCddiQLHBOnGdts2yhgFumIogTD"; protected-headers="v1" From: Stephen Farrell To: John Levine , dbound@ietf.org Cc: Alexander_Brotman@comcast.com Message-ID: <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft References: <20190226032027.B52BE200EC0B38@ary.local> In-Reply-To: <20190226032027.B52BE200EC0B38@ary.local> --btHqznYCddiQLHBOnGdts2yhgFumIogTD Content-Type: multipart/mixed; boundary="------------4E2A45E129846C654E73A35B" Content-Language: en-GB This is a multi-part message in MIME format. --------------4E2A45E129846C654E73A35B Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi John, Thanks for taking the time to comment. On 26/02/2019 03:20, John Levine wrote: >> https://datatracker.ietf.org/doc/draft-brotman-rdbd/ >=20 > It seems overdesigned. =20 Doesn't everything? :-) > If you need to trust the DNS anyway, you can > just put pointers in both directions in the domains that are related > to each other, no crypto needed. Arguably, yes. The parent signing the 2ndary does seem to add something to me, (even in the presence of DNSSEC) but I could be wrong. DKIM-like signing in any case seems to have been shown to only provide a low barrier so I'd hope that'd not be a reason why people wouldn't use this. (Not caring at all about it or not finding it useful enough to bother are more likely reasons;-) >=20 > See Andrew Sullivan's SOPA draft from a few years ago. >=20 > https://datatracker.ietf.org/doc/draft-sullivan-domain-policy-authority= / Yep, had that gone ahead, it'd have worked just fine for me. Not sure if that's true for Alex's use-cases. Main differences I see are: - RDBD has DKIM-like signatures (so a bit of computational complexity) - SOPA has negative assertions and wildcards (which I think adds more complexity than signatures, even if the 0 and * are easier to put into a zone file than a signature RR) Our goal with RDBD was to try find a minimal thing that's interesting enough so people might find it useful and hence deploy. I don't claim that we've hit that nail on the head though, so all feedback's very welcome. If a version of this with the signatures being optional was useful enough, I'd have no problem with that for example. Cheers, S. >=20 > R's, > John >=20 > _______________________________________________ > dbound mailing list > dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound >=20 --------------4E2A45E129846C654E73A35B Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------4E2A45E129846C654E73A35B-- --btHqznYCddiQLHBOnGdts2yhgFumIogTD-- --L5AmZYNqG5iJ3duhkZkPaUw9JOy1Uyyxa Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx1BAoACgkQWrL68XsX K+oB1g//b28ltpmOdBdTcLiQoCosDfPQGFflT+K/TgxgWsUIM+5dlxfsrWTsEzsD WQfWgW/X876qWXG+MkNepql1uWx6Bupx5euLe2bP+8ifrhkP+dJwCJ6j2WCgwWZZ /b98ibkXGuJVzG+ltpjBojcEC35mOhC3hrJjbF47WmW30THavIAabNASd8ol/6kF NGkN0LVYDe7mliWMWevL744yun3RR8GuQkS0MIvIe3P362pGTLAyD3zf2x2gywjb jRvr2fg4C+zb2T/15O4oLmK7bZl4T8ue14yX5TLj2lMe3uII2M8QMkSU7MRzMZkW +XT1DQ5nPyBgDR0HV5OUbY6MMpfopxzdqooF1lzGQDJnZuDDnAyBotfZTC8rO/iH 5tpGX9WXG7RZ+q6tCgYGtCKlt8HoBJHjx/xP9fTKLjXWesmQkblM0gq/+fGH1QKy IllBi5aBLjAvoS60xQOn+/uR7NNYm8ub5Y8iOdERMGsnFaRPAdfrcShdauwkuf/H pXlrSAVUcubGDHLRpROfZtSjjQKA2ycTZ1nDkk3J1R+G+5glRMGZLUzY5cPV/KkC wKGCfXfeuxlegXyU/B9tYK9R/yuNBo+opO8F/H2pEgBd8gP/yz19tWjt4Beo+zZ3 Xj78vwKY4sUBfzNGXS+V7ahaom9V+D1sUhSgSsv17ODHeTX6IOM= =klBq -----END PGP SIGNATURE----- --L5AmZYNqG5iJ3duhkZkPaUw9JOy1Uyyxa-- From nobody Tue Feb 26 07:26:21 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57121128CB7 for ; Tue, 26 Feb 2019 07:26:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=BwdHkGk6; dkim=pass (1536-bit key) header.d=taugh.com header.b=HrzZxQSF Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ieL7dDtw2GQs for ; Tue, 26 Feb 2019 07:26:15 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32368130E69 for ; Tue, 26 Feb 2019 07:26:14 -0800 (PST) Received: (qmail 7356 invoked by uid 100); 26 Feb 2019 15:26:12 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=1cba.5c755a94.k1902; i=johnl@user.iecc.com; bh=r/vUH/coqTsWjQby9TZ7EAD3PlRJVqWX1kz92x1RvIo=; b=BwdHkGk6ZvLAUZrPd+UyKDbg3FBhWjOtHDcfa87eZzCbYauM3tEktU0VihKhvr27tSw5wKcyNKl3VccgQaGLIIJzqK1AV4Mt1Q7s0aBuGlHhwCAWAUcjliWBmI/AUt4z3vBcmgORQ0eALl6kJZUHct8MetLhuYpRwdbvhmDCGQXn9h1+KtxecSMJvf3gWixFNoIaOXV/JfzND6zlQbRk83JLuayOl26C2ZEtMHy2VFV1T13xb5UCBkH6uYhjQE2p DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=1cba.5c755a94.k1902; olt=johnl@user.iecc.com; bh=r/vUH/coqTsWjQby9TZ7EAD3PlRJVqWX1kz92x1RvIo=; b=HrzZxQSFiRhZ3ncPZS1zeFOaCnSbkOqZqSa1uBcPDCwcAb8QaXmlIOmkmUYlI9KcaxVKEL+2B1KmBfCOp/Ds/sCu+lyWpQHv77ByQI73BJUMj1twVv9YsgD8CjiV9oBHaGV/O/gT+Z3NuD+zNgsKXYxBartrhATXVM3JW5/OfAOgsR00xifKTzjBsO93v8Nzcxm5nFYCEsRne5BYFzW5KQilYmMPG9SiSUoHOrRAqnQOhSoqv8qiwNniskgZWd6c Date: 26 Feb 2019 10:26:12 -0500 Message-ID: From: "John R Levine" To: "Stephen Farrell" Cc: dbound@ietf.org, Alexander_Brotman@comcast.com In-Reply-To: <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> References: <20190226032027.B52BE200EC0B38@ary.local> <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> User-Agent: Alpine 2.21.9999 (BSF 287 2018-06-16) Cleverness: None detected MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 15:26:18 -0000 > Main differences I see are: > - RDBD has DKIM-like signatures (so a bit of computational > complexity) It does, but they don't prove anything that you wouldn't already know if you can look stuff up in the DNS. SOPA was inanely overcomplicated (apparently due to the demands of an IESG member who didn't understand the problem.) So if you want to do this, here's what I'd do. We have a new record type, call it SAME. Each SAME record has a flag for parent/child and a domain name. So if foo.com wants to say it's the same as foo-bar.org: foo.com. SAME 1 foo-bar.org. foo-bar.org SAME 0 foo.com. If foo.com wants to claim many other domains, it can publish as many SAME records as it needs to. If new RRs are too scary, you can do it with a txt record and a prefix: _same.foo.com TXT "v=same 1 foo-bar.org" _same.foo-bar.org TXT "v=same 0 foo.com" Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY "I dropped the toothpaste", said Tom, crestfallenly. From nobody Tue Feb 26 07:51:58 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A708129532 for ; Tue, 26 Feb 2019 07:51:56 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vqzJKYbJisLI for ; Tue, 26 Feb 2019 07:51:53 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 957A2128CB7 for ; Tue, 26 Feb 2019 07:51:53 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B7591BE53; Tue, 26 Feb 2019 15:51:51 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DtMCy_EtuJuE; Tue, 26 Feb 2019 15:51:51 +0000 (GMT) Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 6C32FBE51; Tue, 26 Feb 2019 15:51:51 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551196311; bh=++iTXgFaoi1aSKJ3auJo56WZCTfaDnO2K4pJIDYyhz0=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=xZQoLomoTAXwZb9tLgb8oJ2iDiKWhv6gqNss1WSTu+DC+owtA/XfLCu8ybWyO9nD5 nw9qljZMb2GGsHwrFAB0MHeKJEF7yZ5K2kXg5jNkxFKoE54j0XJpnQvaAHOAgodrab 0kqjEIjmx08GhS03wnXa+pUCenAfknV8jPFwMjnM= To: John R Levine Cc: Alexander_Brotman@comcast.com, dbound@ietf.org References: <20190226032027.B52BE200EC0B38@ary.local> <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <72c13f04-0a5c-53b0-a980-5cfb69ea866d@cs.tcd.ie> Date: Tue, 26 Feb 2019 15:51:49 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="V4D42Bej17ojr9E8ww6xNCQiqVvyQDnq8" Archived-At: Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 15:51:57 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --V4D42Bej17ojr9E8ww6xNCQiqVvyQDnq8 Content-Type: multipart/mixed; boundary="Yf9vM7hK2PJqjyaNoRRROJ9fdfmnlvGZn"; protected-headers="v1" From: Stephen Farrell To: John R Levine Cc: Alexander_Brotman@comcast.com, dbound@ietf.org Message-ID: <72c13f04-0a5c-53b0-a980-5cfb69ea866d@cs.tcd.ie> Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft References: <20190226032027.B52BE200EC0B38@ary.local> <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> In-Reply-To: --Yf9vM7hK2PJqjyaNoRRROJ9fdfmnlvGZn Content-Type: multipart/mixed; boundary="------------C61DF15AF967E70A7BEA0C52" Content-Language: en-GB This is a multi-part message in MIME format. --------------C61DF15AF967E70A7BEA0C52 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hiya, On 26/02/2019 15:26, John R Levine wrote: >> Main differences I see are: >> - RDBD has DKIM-like signatures (so a bit of computational >> =C2=A0complexity) >=20 > It does, but they don't prove anything that you wouldn't already know i= f > you can look stuff up in the DNS. Not sure I agree. While I accept a signature doesn't provide a strong "proof", it can provide evidence that the primary is ok with the secondary claiming that some relationship exists and that the primary was involved in creation of the RR values. (The "can provide evidence" above of course depends on things like DNSSEC or using a previously cached version of the public key etc.) But regardless of that... >=20 > ... So if you want to do > this, here's what I'd do. >=20 > We have a new record type, call it SAME.=C2=A0 Each SAME record has a f= lag > for parent/child and a domain name.=C2=A0 So if foo.com wants to say it= 's the > same as foo-bar.org: >=20 > foo.com. SAME 1 foo-bar.org. >=20 > foo-bar.org SAME 0 foo.com. >=20 > If foo.com wants to claim many other domains, it can publish as many > SAME records as it needs to. I'd be fine if we had such an RFC and be happy if people wanted to publish such RRs in their zones. If the above existed, we could in any case define a way to digitally sign for the relationship separately, if there was support for doing so, and that could be done now or later. > If new RRs are too scary, you can do it with a txt record and a prefix:= >=20 > _same.foo.com TXT "v=3Dsame 1 foo-bar.org" >=20 > _same.foo-bar.org TXT "v=3Dsame 0 foo.com" Could be done. I suspect the IETF-process overhead of having a fight over TXT vs a new RR type isn't really worthwhile myself, so a new RR type would be just fine by me. Cheers, S. >=20 > Regards, > John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY > "I dropped the toothpaste", said Tom, crestfallenly. >=20 > _______________________________________________ > dbound mailing list > dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound --------------C61DF15AF967E70A7BEA0C52 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------C61DF15AF967E70A7BEA0C52-- --Yf9vM7hK2PJqjyaNoRRROJ9fdfmnlvGZn-- --V4D42Bej17ojr9E8ww6xNCQiqVvyQDnq8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx1YJUACgkQWrL68XsX K+qMeg//ZG73PM2K1K92116KeQDOHWK8secL6K0vV+KqaRnnryPlSpeDCz6M90+0 5ZmqfXuBhympN5StEV0c6xLS0kIJI4MFfcS8kUfbZuoF//nNjp4jnWX2ElQRM/fn JqrLxJqM9SaCPIURDiYQR9LJiB5nsqWHOJNVcIRj4fXfL6/lyFlEPvRVcwZikxBw vI9YC8cXMSS/nmK7KAcsEkzsADLf53V9z5bXvo6FJNIyDHWdyBGG3V5itT4/lRlF hsDLJYa63fh78lmEeed14aTggKN0pZCsnoetH0a6HTHsPHgGvEe6BmOVTyagsEfq F2tFfYpgXpar+OyogyMoq6m3gxx1sM75v3PwpDUkgYL+t9aSHbZxh8Ahe0c6CTv9 mkc5cloFlA7YywpcdjFA44h3XXj4cO8Mkn3lXL80gTM+fI9EVCcZd+GDi3wBzBlr H5j8i/wmftQa4/G57GX1mu0ZHZuA7Ov/VBwNe6nyX0m8c+HDbyT4/CTCJL2fLg0K x7tZczTdXYMkAY/9MSNiGqQt3fz+QKctxM1Aeh6aKa1cjPDaQqXshVeWlFKsl8Gz Vy/CMwRaq/5BhlIPiWAFDezPmuKW7Kd8CTRhIo3gL/Oh/okahNi8TColanQXSFAW Ll8p9DDE96zBKWNA7CYw4dMksTbxwDDA6KpgyOlm6D/f88gCJhw= =mCX2 -----END PGP SIGNATURE----- --V4D42Bej17ojr9E8ww6xNCQiqVvyQDnq8-- From nobody Tue Feb 26 07:54:52 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71C80129532 for ; Tue, 26 Feb 2019 07:54:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.001 X-Spam-Level: X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=ZKlf/C6j; dkim=pass (1536-bit key) header.d=taugh.com header.b=uUUQi5Xx Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lx-XvmzqWQe6 for ; Tue, 26 Feb 2019 07:54:48 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 413EF128CB7 for ; Tue, 26 Feb 2019 07:54:47 -0800 (PST) Received: (qmail 13424 invoked from network); 26 Feb 2019 15:54:46 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=346d.5c756146.k1902; bh=oyRL0aLlAtrErYXRVu7BratYfrlSrA8xaKHQe5YPy4k=; b=ZKlf/C6jWBkgBicq9s49bPqgfmt/CNDGqNXI+qrTguPHgHGFWqaDx0R6kgtCA6EBT1VXjIGC4+eOsLWNGOdCRxG3bR8SQY9T/XJqBeAxeVbg9BMgh2SFZrW1cxh1tbrNtagrtlaCvA8MidtH8BVZUeYirPiBi5S1GN2sTLVJQubXzmr8eF6c0R1kIpvJY1q2VzAodFUYXAdWiNXfkF8zoPtX/GC81EEzZ87Zv6UigTJuBsVBIHojQJQuJs8hjZ4k DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=346d.5c756146.k1902; bh=oyRL0aLlAtrErYXRVu7BratYfrlSrA8xaKHQe5YPy4k=; b=uUUQi5XxNuLUHFwIJSqzuXdOchXXAFsIajAHzzUgiZZSMl2iNLpkZbY8bRL6TM+OnuzxU/2DSCPAmwpJvUeb46ZbHiS2cFipAft8OmXnF/Yl14Jw4GB5mNmnWHLpZ7d275SRE8RdrKjHRy6F+K1PMZU0WRW5v809JBoggGVvCgQ3h146ZX11GCSuHlOnhRncjRRhx1emFoYs0G+OJNayE4DH/Qw8r1OYcnjz8nkHoPoA//VNvcaBSR52MIv1ieKz Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 26 Feb 2019 15:54:46 -0000 Date: 26 Feb 2019 10:54:46 -0500 Message-ID: From: "John R Levine" To: "Stephen Farrell" Cc: Alexander_Brotman@comcast.com, dbound@ietf.org In-Reply-To: <72c13f04-0a5c-53b0-a980-5cfb69ea866d@cs.tcd.ie> References: <20190226032027.B52BE200EC0B38@ary.local> <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> <72c13f04-0a5c-53b0-a980-5cfb69ea866d@cs.tcd.ie> User-Agent: Alpine 2.21 (OSX 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 15:54:51 -0000 >> It does, but they don't prove anything that you wouldn't already know if >> you can look stuff up in the DNS. > > Not sure I agree. While I accept a signature doesn't > provide a strong "proof", it can provide evidence > that the primary is ok with the secondary claiming > that some relationship exists and that the primary > was involved in creation of the RR values. That's why the primary publishes a record pointing at the secondary. > If the above existed, we could in any case define a way > to digitally sign for the relationship separately, if > there was support for doing so, and that could be done > now or later. Once again, if you have the record pointing at the secondary, what does the signature get you? If you can hack the pointer record, you can hack the signature verification key, so they're equivalent. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly From nobody Tue Feb 26 08:02:38 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B81C128CB7 for ; Tue, 26 Feb 2019 08:02:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DX_avaFK-EHh for ; Tue, 26 Feb 2019 08:02:34 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 252101289FA for ; Tue, 26 Feb 2019 08:02:34 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0DCB8BE55; Tue, 26 Feb 2019 16:02:32 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id koWjdYrNtYp9; Tue, 26 Feb 2019 16:02:31 +0000 (GMT) Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id C408FBE53; Tue, 26 Feb 2019 16:02:31 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551196951; bh=v1Q9HaqTdCCK9h3l9vOxygCyzPFgny4wAqz7Dzgbzsg=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Ls/kAq439CjMJcqODwidO40jYQGIzUdJoMOOfbTfNC2RwsoyFS+S6uzNxvFqWgEdL 2JdfymQv3SrTAVkoAS5gvuqe+I9vZHjEwgYA6L6qR9Jv3L6pnNgEL2lXtJEASSWZ2j MIrHTdRw9OKYDya0Run6lKjwoJ8AHk4jEhJihCwk= To: John R Levine Cc: Alexander_Brotman@comcast.com, dbound@ietf.org References: <20190226032027.B52BE200EC0B38@ary.local> <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> <72c13f04-0a5c-53b0-a980-5cfb69ea866d@cs.tcd.ie> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <37f1c640-d7d3-ff09-ae27-450518171870@cs.tcd.ie> Date: Tue, 26 Feb 2019 16:02:30 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="7MOpbgCp21mzcEYkXj57ldWKrsjhWZz27" Archived-At: Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 16:02:37 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --7MOpbgCp21mzcEYkXj57ldWKrsjhWZz27 Content-Type: multipart/mixed; boundary="qM2053STZGJpP9sSJ95BN8BEqcMjur4f1"; protected-headers="v1" From: Stephen Farrell To: John R Levine Cc: Alexander_Brotman@comcast.com, dbound@ietf.org Message-ID: <37f1c640-d7d3-ff09-ae27-450518171870@cs.tcd.ie> Subject: Re: [dbound] [art] Related Domains By DNS (RDBD) Draft References: <20190226032027.B52BE200EC0B38@ary.local> <250922de-26c5-da8d-0b25-c69bc6d56337@cs.tcd.ie> <72c13f04-0a5c-53b0-a980-5cfb69ea866d@cs.tcd.ie> In-Reply-To: --qM2053STZGJpP9sSJ95BN8BEqcMjur4f1 Content-Type: multipart/mixed; boundary="------------D16CE150DC868C5DA77829A2" Content-Language: en-GB This is a multi-part message in MIME format. --------------D16CE150DC868C5DA77829A2 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 26/02/2019 15:54, John R Levine wrote: >> >=20 > Once again, if you have the record pointing at the secondary, what does= > the signature get you?=C2=A0 If you can hack the pointer record, you ca= n hack > the signature verification key, so they're equivalent. Not quite equivalent in all cases, no. It could be that an application has a copy of the public key from earlier and so can verify the signature without needing to fetch the public key. Or, perhaps the primary has DNSSEC but the 2ndary doesn't. So there are cases where a signature can add some value I think. That said, I wouldn't try oversell the value of such signatures - as you say, if neither has DNSSEC and the application is retrieving values at run-time with no other way of verifying the public key, then there is very little additional benefit in the signature. Cheers, S. --------------D16CE150DC868C5DA77829A2 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------D16CE150DC868C5DA77829A2-- --qM2053STZGJpP9sSJ95BN8BEqcMjur4f1-- --7MOpbgCp21mzcEYkXj57ldWKrsjhWZz27 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx1YxYACgkQWrL68XsX K+p5Yg//U7Cf47qGDBjthWyuQsmP/P/6XR5vDj6Zg0oonMOKeUFtVVHneL+N+6u2 m8OCS3eCPnH/64L0l85U3/KBh4UEXGdD3uWkSknhY5wKbJT2bVf9H+GbJEJhZiA6 0fh841aCK9m0BoL0Q8sPH5GUzWmyY3xBB6VEjWbhRqHjQfNWoILp3Juvl38vvOmP Lfq1LQXf0fyUxzPOJRKans3JVhjGjd+YGsTLcTe4nLlRXF5UjopGFxHk1lgJUknS 7EUmL+yACnmu/UyB7Qqufm9g7sxdAt2A2eKyMrbZc+hc2kH2gqjgmM8dywqVDhak qYvFu90CR6H4C2yUb6jyjax57gSeos+njlkVBNFXP2q+d/fuAhSU7fNmx/7b5K0k PLYPl8ETSAovxdKednEb+Rf7/WMtiPLnAiIDNAS6FDNv5SnMtmIkZGdqv9gzMv+t FVk/r937jwwbhcHMtVdKrKirJ/qOR/VtX4efPEXynElynfWWRTNdqXu6SpYp4w4D 0topfvWNDVL3GMHMAJ/E0rz50KZXaUZQA7u+9lklSO0wBnomWXImQQMJZIgRwJGX 6rZMHaGKzZ9+pOOIdZ13Jipm6znxD0S3rOhQbRijcOTdnTVlP0EqExqGvSJGx+Nx Iuu3eQiGFTKZuLWGQvqDssDqKjNOK/GshbccDbUglvHdMCzxCCQ= =0YPf -----END PGP SIGNATURE----- --7MOpbgCp21mzcEYkXj57ldWKrsjhWZz27-- From nobody Tue Feb 26 13:15:17 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5A1B130E96 for ; Tue, 26 Feb 2019 13:15:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umich.edu Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmXzW_9PxZlu for ; Tue, 26 Feb 2019 13:15:13 -0800 (PST) Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E114A129A85 for ; Tue, 26 Feb 2019 13:15:12 -0800 (PST) Received: by mail-lf1-x136.google.com with SMTP id m73so5216720lfa.2 for ; Tue, 26 Feb 2019 13:15:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=OcFeJ8sbe7K2oT4ssul2n7Vc0+Lrec3nlg0w/eatZYM=; b=Wdbn36hqaKqshOH6mXq7rvewbgS1ubQox6Q1BHcnuZYYEJKSrrpuo+3b4zgEAJ95AX nxCAEzE4ha6p0S3nWZtHWjN9O4boLdGhya6QGqRLhBoG3CSfYOPr8NTcDYomiL/+XavS iFlFUGVmuP5eA27vYVIQaeT3vWLG74Dy6lB/3yvW09aqsr1xLEdjdKkQ0iuxnuf4YqfE MHPXpzs/l0BqtCAhxOj06ROJdMjrm4zJ5sHHiNIBIKORUWS01mWGTLT5kpUBtF8QMP70 QvJca3JoEWbzszv8CeZuK/Kdgcu7gP3jNh+eS9hzTNgrvy1OKFkWhJY2vWST4S3vNYk0 0XSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=OcFeJ8sbe7K2oT4ssul2n7Vc0+Lrec3nlg0w/eatZYM=; b=VL3uef2B/ExRQKodd/l9+oICLG0HG+Rz5Eg/IFDwfdCakXXLnqwdAFahbX4X0wVcI8 FFa2M/3wbM/0X02oDBDzX9jQj4mlJppUPxzIeIuhSKYjY1j5jm8u3/aDvop/wOpwlr5k ORCO2yTn2QCbUoyw0noM9wwS3WpgSc8qW5Xq3U+qCZpNSwfR6OQxv3CBRN5LAezUxNOW iSy+SIyEbPQ+WBPlKnZxGG0ls6MC1H2GTT8CE0p7kYsGrNOno0HQvgVZ7HUu5Ngkt+vH 2fx6IU/gnlqqGQLdia7Ph3A3DuhctSsV56umxahyLUwaMG3QCOFG/MFeJk6PobUxdmY8 2ISg== X-Gm-Message-State: AHQUAuYQMZckXFiYW0y4T4AUwVU/1CeEt+4aipK938gz94VgnpGnhDiM ERoJ6o0MObwRCDHVWWEvO7VOrL3KJ2cvZpLtGSbDO+fpTP0= X-Google-Smtp-Source: AHgI3IYbc/vnHHrbTm++n3nu6vasXpDBK2AOp2oN5mX1Frq8SEI0gfORAchhBnP9sjSyAF3iGK+IWoD397CLdmkLin0= X-Received: by 2002:a19:4d08:: with SMTP id a8mr10851146lfb.14.1551215710090; Tue, 26 Feb 2019 13:15:10 -0800 (PST) MIME-Version: 1.0 References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> In-Reply-To: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> From: Bob Harold Date: Tue, 26 Feb 2019 16:14:59 -0500 Message-ID: To: "dbound@ietf.org" Content-Type: multipart/alternative; boundary="0000000000005ecf2d0582d28d8a" Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 21:15:16 -0000 --0000000000005ecf2d0582d28d8a Content-Type: text/plain; charset="UTF-8" On Mon, Feb 25, 2019 at 3:38 PM Brotman, Alexander < Alexander_Brotman@comcast.com> wrote: > Hello, > > Stephen and I have spent a bit of time working on a draft to be able to > show a relationship between two domains. We're aware this subject has been > covered a few times previously, especially in the DBOUND drafts, but we're > hopeful that a more simple approach might be more acceptable. The > secondary domain will create a DNS record that shows a link to a primary > domain, and the text should be able to be validated using the public key in > a DNS record the primary domain shares. This is something akin to DKIM, a > mechanism that the email world uses to ensure the contents of a message > have not been tampered with. > > https://datatracker.ietf.org/doc/draft-brotman-rdbd/ > > We'll request that replies relating to this be sent to the dbound@ietf.org > due to the nature of the topic, but it was suggested that we might want to > notify a few other lists for their awareness. Thank you for your > participation and comments. > > -- > Alex Brotman > Sr. Engineer, Anti-Abuse & Messaging Policy > Comcast > > The concept looks reasonable to me. Both parent and secondary zones should use the "_rdbd" sub-domain for the TXT records. Please do not put TXT records directly on the main domain - too many different things are already doing that. Please update section "2. DNS Record for Secondary Domain" to make that clear. Also, please keep an eye on https://datatracker.ietf.org/doc/draft-ietf-dnsop-attrleaf and add a section to your rfc to add "_rdbd" to the registry, once it exists. -- Bob Harold --0000000000005ecf2d0582d28d8a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

On Mon, Feb 25, 2019 at 3:38 PM Brotman, Alexander &l= t;Alexan= der_Brotman@comcast.com> wrote:
Hello,

Stephen and I have spent a bit of time working on a draft to be able to sho= w a relationship between two domains.=C2=A0 We're aware this subject ha= s been covered a few times previously, especially in the DBOUND drafts, but= we're hopeful that a more simple approach might be more acceptable.=C2= =A0 =C2=A0The secondary domain will create a DNS record that shows a link t= o a primary domain, and the text should be able to be validated using the p= ublic key in a DNS record the primary domain shares.=C2=A0 This is somethin= g akin to DKIM, a mechanism that the email world uses to ensure the content= s of a message have not been tampered with.

https://datatracker.ietf.org/doc/draft-brotman-r= dbd/

We'll request that replies relating to this be sent to the dbound@ietf.org due to the nat= ure of the topic, but it was suggested that we might want to notify a few o= ther lists for their awareness.=C2=A0 Thank you for your participation and = comments.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast


The concept looks reasonabl= e to me.

Both parent and secondary zones should use the= "_rdbd" sub-domain for the TXT records.=C2=A0 Please do not put = TXT records directly on the main domain - too many different things are alr= eady doing that.=C2=A0 Please update section "2.=C2=A0 DNS Record for = Secondary Domain" to make that clear.

Also, please keep an eye = on=C2=A0
https://datatracker.ietf.org/doc/draft= -ietf-dnsop-attrleaf
and add a section = to your rfc to add "_rdbd" to the registry, once it exists.
=C2=A0--
Bob Harold
=C2=A0
--0000000000005ecf2d0582d28d8a-- From nobody Tue Feb 26 14:07:13 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35CDA12D826 for ; Tue, 26 Feb 2019 14:07:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8rTCnDgH_k3M for ; Tue, 26 Feb 2019 14:07:08 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E25212D4EF for ; Tue, 26 Feb 2019 14:07:07 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id DE509BE55; Tue, 26 Feb 2019 22:07:05 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AEyaSE3F5H3Z; Tue, 26 Feb 2019 22:07:02 +0000 (GMT) Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E3556BE24; Tue, 26 Feb 2019 22:07:01 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551218822; bh=UsdCtWS/1wx97ZWTFychE4/ouRMArMj8sG43XcDtNxc=; h=Subject:To:References:From:Date:In-Reply-To:From; b=0HPZzIL+fI1FWnIe9LlAfF6MLUp/EDwLqdDbYnF4bNPlFwHGxw/nmW9thjQ18cley YqTAFkW1QxvTWUDc46TWo+9uZGdC0ecrP6otE8X3WuN6sMJD3F9DHpZPkLMpiCCFTZ +5KfD3LgsLfLNxkHZSayFvVVqZFzCh+RNRwvIxcw= To: Bob Harold , "dbound@ietf.org" References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: Date: Tue, 26 Feb 2019 22:07:01 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="VXKuRRExKZ5FL3EsUzEViNzQxjkZRYG6z" Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Feb 2019 22:07:11 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --VXKuRRExKZ5FL3EsUzEViNzQxjkZRYG6z Content-Type: multipart/mixed; boundary="ljtrPUCaHROURUOdNrUD7WsU0x2pqfu6y"; protected-headers="v1" From: Stephen Farrell To: Bob Harold , "dbound@ietf.org" Message-ID: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> In-Reply-To: --ljtrPUCaHROURUOdNrUD7WsU0x2pqfu6y Content-Type: multipart/mixed; boundary="------------11D0C967684D6D7FA079E2B6" Content-Language: en-GB This is a multi-part message in MIME format. --------------11D0C967684D6D7FA079E2B6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 26/02/2019 21:14, Bob Harold wrote: > On Mon, Feb 25, 2019 at 3:38 PM Brotman, Alexander < > Alexander_Brotman@comcast.com> wrote: >=20 >> Hello, >> >> Stephen and I have spent a bit of time working on a draft to be able t= o >> show a relationship between two domains. We're aware this subject has= been >> covered a few times previously, especially in the DBOUND drafts, but w= e're >> hopeful that a more simple approach might be more acceptable. The >> secondary domain will create a DNS record that shows a link to a prima= ry >> domain, and the text should be able to be validated using the public k= ey in >> a DNS record the primary domain shares. This is something akin to DKI= M, a >> mechanism that the email world uses to ensure the contents of a messag= e >> have not been tampered with. >> >> https://datatracker.ietf.org/doc/draft-brotman-rdbd/ >> >> We'll request that replies relating to this be sent to the dbound@ietf= =2Eorg >> due to the nature of the topic, but it was suggested that we might wan= t to >> notify a few other lists for their awareness. Thank you for your >> participation and comments. >> >> -- >> Alex Brotman >> Sr. Engineer, Anti-Abuse & Messaging Policy >> Comcast >> >> > The concept looks reasonable to me. >=20 > Both parent and secondary zones should use the "_rdbd" sub-domain for t= he > TXT records. Please do not put TXT records directly on the main domain= - > too many different things are already doing that. Please update sectio= n > "2. DNS Record for Secondary Domain" to make that clear. Good point thanks. I've added a note to the github version. [1] > Also, please keep an eye on > https://datatracker.ietf.org/doc/draft-ietf-dnsop-attrleaf > and add a section to your rfc to add "_rdbd" to the registry, once it > exists. I did the same for that. Thanks, S. [1] https://github.com/abrotman/related-domains-by-dns/blob/master/rdbd.t= xt >=20 > -- > Bob Harold >=20 >=20 > _______________________________________________ > dbound mailing list > dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound >=20 --------------11D0C967684D6D7FA079E2B6 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------11D0C967684D6D7FA079E2B6-- --ljtrPUCaHROURUOdNrUD7WsU0x2pqfu6y-- --VXKuRRExKZ5FL3EsUzEViNzQxjkZRYG6z Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx1uIUACgkQWrL68XsX K+pXWxAAhDzsL2pci/A/k1uOn0t01Qymr1vSVida7B943GZ8yHUL/eSTZ1kiWqSO g23dmfjIijJC94WCAI34AgMb7MWHloIM5yfLscygWXRlNz8IqEMjIEL8z2B8s8yF qrc7a/9BdpWgq60vtLU5bjJ9b3UXHtiozt/CkIaLDOUYXsGyJRM4x6Sesff9sQ51 TfR0QDOAQ2D5NMvWi63XDXxn9H99S2rwUkdjsDIt+MeNpbfqs92xzVP2nUU2x6az 4vhJ8V5RDyRpIRgDXrhWOER5d+Ma8/web5dpOvbArXAR4ul+qql5tzJIv1U/f5Rd NRQNrsFaJX8vmlLImcnwR3qqaLTC8AHRel5wSAEb7SkOD+dFCf33vb7fziEP641i oL3A3GTdEDW7Ma4yB0TNZlXcutk1KqRm7qxyt1t2opkDNlhV5uJy5dwVJjgUUA41 lrQDu3BGG3qn1vtOs/jqkJ6Cu5cOpA4aq1FCN04OV3wtgcYnkO/ojNf0E0syfxSq KEpyaQ8LbC0RR3E/sEgi3ZCQQgBVIQHdcyla0xHMnSnK7yzkhmZOV18UJCNS1CbP ItTNrhfGCEYFlcy8SkAq0R4uMoWvLW/lmUGWE/CxMDT/3NDODWQtM/vAKae1oJBY lDlt45c0/kbzOr3xrL0PcWCSh2ttk+5sZK7wg9uxatyblPIdUm8= =XB4o -----END PGP SIGNATURE----- --VXKuRRExKZ5FL3EsUzEViNzQxjkZRYG6z-- From nobody Wed Feb 27 06:25:04 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49ADD130DE7; Wed, 27 Feb 2019 06:24:56 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptjTfm2Xre0h; Wed, 27 Feb 2019 06:24:54 -0800 (PST) Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D01041200B3; Wed, 27 Feb 2019 06:24:53 -0800 (PST) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 448dHQ47dFz39p; Wed, 27 Feb 2019 15:24:50 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1551277490; bh=+3wPxJ4v8GjHMfN4jdJ3XBpIU0Sc7JsSPgeKXrDsWB4=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=j0XWH8nJx5v9eGCW4VGBA1kQvQuWyJP2aLbt+ocIMJlSJZ/ITvz0m8S+uKsDnNSz3 GlWSgFoVREBO/FTQm68iMM4rTsWxd061ehDPhR2R1s167FGHXgZQoSiCp81LCLqGev zUWbfYAnE5gHztJMYyveTtgDljOQ4VTwsoGfai3k= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id J2jDfGCKtnkd; Wed, 27 Feb 2019 15:24:48 +0100 (CET) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 27 Feb 2019 15:24:47 +0100 (CET) Received: by bofh.nohats.ca (Postfix, from userid 1000) id D874AA7E0C; Wed, 27 Feb 2019 09:24:46 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca D874AA7E0C Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id CEEA240D358A; Wed, 27 Feb 2019 09:24:46 -0500 (EST) Date: Wed, 27 Feb 2019 09:24:46 -0500 (EST) From: Paul Wouters To: "Brotman, Alexander" cc: "art@ietf.org" , "dbound@ietf.org" , "dnsop@ietf.org" , Stephen Farrell In-Reply-To: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> Message-ID: References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 14:24:56 -0000 On Mon, 25 Feb 2019, Brotman, Alexander wrote: > Stephen and I have spent a bit of time working on a draft to be able to show a relationship between two domains. We're aware this subject has been covered a few times previously, especially in the DBOUND drafts, but we're hopeful that a more simple approach might be more acceptable. The secondary domain will create a DNS record that shows a link to a primary domain, and the text should be able to be validated using the public key in a DNS record the primary domain shares. This is something akin to DKIM, a mechanism that the email world uses to ensure the contents of a message have not been tampered with. > > https://datatracker.ietf.org/doc/draft-brotman-rdbd/ I've read the draft, and I have my usual complaints. If we put stuff into the DNS for security decisions, saying "its better if you use this data when it is DNSSEC signed" is just too weak. We are splashing TOFU everywhere and putting CT bandaids on it. It's long overdue that we stop with that. Just require DNSSEC. And if you require DNSSEC validation, then the solution becomes much simpler and could be encoded in a single bit, see: https://tools.ietf.org/html/draft-pwouters-powerbind Paul From nobody Wed Feb 27 07:32:19 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43280130FDB; Wed, 27 Feb 2019 07:32:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiL5m6Bu8eE1; Wed, 27 Feb 2019 07:32:15 -0800 (PST) Received: from pacdcmhout01.cable.comcast.com (PACDCMHOUT01.cable.comcast.com [68.87.31.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5725A1200B3; Wed, 27 Feb 2019 07:32:15 -0800 (PST) X-AuditID: 44571fa7-9f3ff70000021550-f4-5c76ad7e8e4f Received: from PACDCEX23.cable.comcast.com (dlpemail-wc-2p.cable.comcast.com [24.40.12.145]) (using TLS with cipher AES256-SHA256 (256/256 bits)) (Client did not present a certificate) by pacdcmhout01.cable.comcast.com (SMTP Gateway) with SMTP id 2F.EB.05456.E7DA67C5; Wed, 27 Feb 2019 10:32:14 -0500 (EST) Received: from PACDCEX19.cable.comcast.com (24.40.1.142) by PACDCEX23.cable.comcast.com (24.40.1.146) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 27 Feb 2019 10:32:12 -0500 Received: from PACDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8304]) by PACDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8304%19]) with mapi id 15.00.1395.000; Wed, 27 Feb 2019 10:32:12 -0500 From: "Brotman, Alexander" To: Paul Wouters CC: "art@ietf.org" , "dnsop@ietf.org" , "Stephen Farrell" , "dbound@ietf.org" Thread-Topic: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft Thread-Index: AdTNSNgC8Q46/YWfTPCiSrkXJ1OYgQBiUEUAAAhZBnA= Date: Wed, 27 Feb 2019 15:32:12 +0000 Message-ID: References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [96.114.156.7] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Forward X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrCKsWRmVeSWpSXmKPExsUiocEzUbdubVmMwfqLwhYr7npY7Lp8jd3i 7pvLLBbvb11ispi+9xq7A6vH2u6rbB5Llvxk8vg+jymAOaqB0aYkoyg1scQlNS01rzjVjksB A9gkpablF6W6JhblVAal5qQmYlcGUpmSmpNZllqkj9UYfazmJHQxZcy4t4Ot4Llgxc/fF9ga GI/zdTFyckgImEgsPXiJpYuRi0NIYAeTRPuSnewQzi5Gib2bG1hBqoQETgI513lAbDYBK4m3 /9uZQWwRAUWJSWcegXUzC8xilGi9tQSsQVjAUWLLlo1QRU4SDRunsULYVhJTzx5iA7FZBFQl /hw9wAJi8wp4Sfyat4sJYnMDo8Sb9U/AGjgFHCTm7tsGNohRQEzi+6k1TCA2s4C4xK0n85kg fhCQWLLnPDOELSrx8vE/VgjbQGLr0n0sELaCRM+E6cwQvToSC3Z/YoOwtSWWLXzNDHGEoMTJ mU+g6sUlDh/ZwTqBUWIWknWzkLTPQtI+C0n7AkaWVYw8ZhZ6FuZ6xoZ6hmbmmxiBacclXH75 DsbtszIOMQpwMCrx8KovKosRYk0sK67MPcQowcGsJMIrsBooxJuSWFmVWpQfX1Sak1p8iFGa g0VJnPfirdIYIYH0xJLU7NTUgtQimCwTB6dUA6P847rrSRu+HHWXvX8lbifzwn0Gzx9NnV7k atbCdPPLk0V7plhcm75l7ZRLcgxpWjw3dV6nlW0Rkru4L5RHrfB/r/NeqQXbfY4zCCY3nmO/ c+GewM+Pm66sz96g8uqZ4NNfTv/UFpVL5Gj94+uc8bjN6MvHKf1i698uPHyp4qOLrAOLwLor k2MklViKMxINtZiLihMB3l4CcDcDAAA= Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 15:32:18 -0000 I'm supportive of doing this in other ways, but also understand that DNSSEC= is not widely deployed. I suppose that's ultimately a crutch, though it i= s the current situation. With that being said, we thought this would be on= e reasonable approach to being able to show that relationship. We could po= tentially have a non-DNSSEC and DNSSEC method in the same draft, if that's = something that might be agreeable? -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast -----Original Message----- From: dbound On Behalf Of Paul Wouters Sent: Wednesday, February 27, 2019 9:25 AM To: Brotman, Alexander Cc: art@ietf.org; dnsop@ietf.org; Stephen Farrell ; dbound@ietf.org Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft On Mon, 25 Feb 2019, Brotman, Alexander wrote: > Stephen and I have spent a bit of time working on a draft to be able to s= how a relationship between two domains. We're aware this subject has been = covered a few times previously, especially in the DBOUND drafts, but we're = hopeful that a more simple approach might be more acceptable. The seconda= ry domain will create a DNS record that shows a link to a primary domain, a= nd the text should be able to be validated using the public key in a DNS re= cord the primary domain shares. This is something akin to DKIM, a mechanis= m that the email world uses to ensure the contents of a message have not be= en tampered with. > > https://datatracker.ietf.org/doc/draft-brotman-rdbd/ I've read the draft, and I have my usual complaints. If we put stuff into the DNS for security decisions, saying "its better if = you use this data when it is DNSSEC signed" is just too weak. We are splash= ing TOFU everywhere and putting CT bandaids on it. It's long overdue that w= e stop with that. Just require DNSSEC. And if you require DNSSEC validation, then the solution becomes much simple= r and could be encoded in a single bit, see: https://tools.ietf.org/html/draft-pwouters-powerbind Paul _______________________________________________ dbound mailing list dbound@ietf.org https://www.ietf.org/mailman/listinfo/dbound From nobody Wed Feb 27 07:48:52 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDD0C130E71; Wed, 27 Feb 2019 07:48:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hePNRJzgU5dM; Wed, 27 Feb 2019 07:48:33 -0800 (PST) Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 359931200B3; Wed, 27 Feb 2019 07:48:33 -0800 (PST) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 448g7y6HMczD0B; Wed, 27 Feb 2019 16:48:30 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1551282510; bh=H49nfX1vedMxsGQC3GO0kJZ7kdUNib+HOKxKQTueBFI=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=T7hIHKLOQVM3U/SG1ZSmH+8M1Pta1wgrQlpyzPGOBaMSaIn/8OBiIEupMWZz9LAHq XjLY9/oqYGKwOb/ly4GFtVQrTfbSbb87eG7fY3rtUih0sUV+udmXZYAkW9rZBi7H/t JttCHdSzxteIgh+ERzMNm5foQnm1wfrEyNTZKC8c= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id bXuWlKpCrdfx; Wed, 27 Feb 2019 16:48:29 +0100 (CET) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 27 Feb 2019 16:48:28 +0100 (CET) Received: by bofh.nohats.ca (Postfix, from userid 1000) id 92803A7E0C; Wed, 27 Feb 2019 10:48:27 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 92803A7E0C Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 84DDA40D358A; Wed, 27 Feb 2019 10:48:27 -0500 (EST) Date: Wed, 27 Feb 2019 10:48:27 -0500 (EST) From: Paul Wouters To: "Brotman, Alexander" cc: "art@ietf.org" , "dbound@ietf.org" , "dnsop@ietf.org" , Stephen Farrell In-Reply-To: Message-ID: References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 15:48:35 -0000 On Wed, 27 Feb 2019, Paul Wouters wrote: >> https://datatracker.ietf.org/doc/draft-brotman-rdbd/ > > I've read the draft, and I have my usual complaints. I scanned this document a bit too fast, with an eye on parent-child relationships and didn't fully realise this is about relating domains at different parts in the DNS hierarchy alltogether. So now I do understand the format and use better. I'm not sure if the DNS is the best place for this information, but it is not the worst place either. So in that sense this proposal seems fine. I do still have a concern that this is using its own signature schemes embedded in the records instead of relying on DNSSEC. But I guess that's just the world we live in now. Paul From nobody Wed Feb 27 07:54:36 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFB20130FE9; Wed, 27 Feb 2019 07:54:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D9aA0Palvabh; Wed, 27 Feb 2019 07:54:25 -0800 (PST) Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74DEA1200B3; Wed, 27 Feb 2019 07:54:25 -0800 (PST) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 448gGk4rgMzC7V; Wed, 27 Feb 2019 16:54:22 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1551282862; bh=Zge1X395SZBFG85gcmN82NOL1rHfara6B7j9QBAtux0=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=Lx6Q9QcVP1Ejz07dGNeODcMsHS7otmfB9q457OHkiALCxJN5ilzNNMSKqeTCX1YgH V17WHym3YxaspxLNE/dQgvCZx7eDhZnrpMOIXmw1fimf3fQmkHvSH5/fqW6tG2TLuz fwnvvQt7f5EAQL+xlDlOJrQ20/kyNeTO2jkKSQjw= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id R17sc9Z6PJLu; Wed, 27 Feb 2019 16:54:21 +0100 (CET) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 27 Feb 2019 16:54:21 +0100 (CET) Received: by bofh.nohats.ca (Postfix, from userid 1000) id 79329A7E0C; Wed, 27 Feb 2019 10:54:20 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 79329A7E0C Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 6DE0940D358A; Wed, 27 Feb 2019 10:54:20 -0500 (EST) Date: Wed, 27 Feb 2019 10:54:20 -0500 (EST) From: Paul Wouters To: "Brotman, Alexander" cc: "art@ietf.org" , "dnsop@ietf.org" , Stephen Farrell , "dbound@ietf.org" In-Reply-To: Message-ID: References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 15:54:27 -0000 On Wed, 27 Feb 2019, Paul Wouters wrote: >>> https://datatracker.ietf.org/doc/draft-brotman-rdbd/ One more question (and then I promise to walk away from the keyboard for a while) How is this data being consumed by the enduser ? It sort of begins to look like an EV thing. Also, wouldn't attackers just link their fake domain to another fake domain to get a green looking OKAY? Paul From nobody Wed Feb 27 07:57:51 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 812E1130FF9; Wed, 27 Feb 2019 07:57:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JDWdqsulKSs7; Wed, 27 Feb 2019 07:57:41 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19A73130FF0; Wed, 27 Feb 2019 07:57:39 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 025FCBE58; Wed, 27 Feb 2019 15:57:37 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tNUl11qFJkQH; Wed, 27 Feb 2019 15:57:36 +0000 (GMT) Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id B048BBE55; Wed, 27 Feb 2019 15:57:36 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551283056; bh=OS6Q9rWMnOnIVsRA24V6y42SvkfiLfDCB9VHR3uJuCA=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=PMTPGiEiexTVuz6Pc60Z+yGBfc/qouZKqSvqeMWwKylJLyMRVMK4hWwVI5WJM8BnC AMbW4NUvqHpNfUqqh5bGo2AbBBOOez8yjJbh+rCr+Q2oyS14EGIKdbXF8t6RLvTkki zX2dOlFW3UJuRgF+Xo/eMTfJrfkwGlDvIs41cRA8= To: Paul Wouters , "Brotman, Alexander" Cc: "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> Date: Wed, 27 Feb 2019 15:57:34 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0qQqihBrYzGQUnIfDaWrM2SjsJTZcfmxk" Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 15:57:45 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --0qQqihBrYzGQUnIfDaWrM2SjsJTZcfmxk Content-Type: multipart/mixed; boundary="SXSjtdaJa7ywkn6c6D2wwtj6zIqzeXjRf"; protected-headers="v1" From: Stephen Farrell To: Paul Wouters , "Brotman, Alexander" Cc: "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" Message-ID: <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> In-Reply-To: --SXSjtdaJa7ywkn6c6D2wwtj6zIqzeXjRf Content-Type: multipart/mixed; boundary="------------D9F654D0CBF98F2A0358D0FE" Content-Language: en-GB This is a multi-part message in MIME format. --------------D9F654D0CBF98F2A0358D0FE Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Paul, On 27/02/2019 15:48, Paul Wouters wrote: > On Wed, 27 Feb 2019, Paul Wouters wrote: >=20 >>> =C2=A0https://datatracker.ietf.org/doc/draft-brotman-rdbd/ >> >> I've read the draft, and I have my usual complaints. Thanks for taking a read! > I scanned this document a bit too fast, with an eye on parent-child > relationships and didn't fully realise this is about relating domains > at different parts in the DNS hierarchy alltogether. And even more thanks for reading it twice! It is short, luckily:-) Great that you think it's uncrazy. >=20 > So now I do understand the format and use better. I'm not sure if the > DNS is the best place for this information, but it is not the worst > place either. So in that sense this proposal seems fine. Yep. Actually in exchanges with John Levine on the dbound list, (he was v. reasonably questioning the value of these new signatures), I myself only copped on that this could be of some use where the primary has DNSSEC but where the secondary doesn't, which is maybe interesting. Those mails are here [1] if someone's interested. > I do still have a concern that this is using its own signature schemes > embedded in the records instead of relying on DNSSEC. But I guess > that's just the world we live in now. Yep. After both domains have DNSSEC, then this could all be simpler. Before they do, there may be value in the sigs though see John's simplification suggestion at [1]. Cheers, S. [1] https://mailarchive.ietf.org/arch/msg/dbound/PON1ipCbK_ea67fbyvhUzSfj= 5og >=20 > Paul >=20 > _______________________________________________ > dbound mailing list > dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound >=20 --------------D9F654D0CBF98F2A0358D0FE Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------D9F654D0CBF98F2A0358D0FE-- --SXSjtdaJa7ywkn6c6D2wwtj6zIqzeXjRf-- --0qQqihBrYzGQUnIfDaWrM2SjsJTZcfmxk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx2s24ACgkQWrL68XsX K+qclxAA0oQ8iPvi/W8OpdvfFu4WFvvEqQC9ab0PCRW1MTHRRqfAGoeCenvcyE52 n2BtznMmqRh0QcGwI8p7goVF48pw2m14Ok/R1jvQQCbjBhnTabLWbbVhwRHm0n8K Z4eFTnDh6pGbFS8iNXhlvT+SbyDWuixNFl5bbbzASb6jHNXx66trov+dN29VB7fn xAEUzC0w6G0X+3vA/9eOdxtK2zLwE9Yustn1Vrw7QnomxKFxmDhogevygug6+h+2 K5ItGH3rY+k/m+4ORUgYLwFT3uWXG0ii6PCXiJ9NbGEPlg1JLI+T7VonJeeS6/ie ZVs8s8QOMPxEhMPRLYCVYFGKTVZUT2ct5+t5ENJRzMjHYT3vOMqtKBYy8xydIEL3 aY72HXAZjKiTdgyFd9THzWySf3gUDVGXSAVQYXi9l9v5YNZsuRBe5LVKopRnlFm+ TSr2rZHcbAcaswkC2Z/lIuM6lDmYNiGNw06Czj/O8y41ZyRPX5WUnR8qBB73xQVq pl5QKWLRuMORorwm4qv4URK2DVL5O522RQw+x7QS3AlGu1Dj1xW8Yp1uIuX0fR/v yxmp6Pdlqn+VoyHsrtqGgie0jrD3Xkv1H6hzfJ9K82TsoTAdNoKn8pbLyAGllmos YieakXNhQLCe6rf/TPicoCNcy7x8Z9xJMmL48KiOmo/iXoHO54E= =fhJj -----END PGP SIGNATURE----- --0qQqihBrYzGQUnIfDaWrM2SjsJTZcfmxk-- From nobody Wed Feb 27 08:15:08 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43BE1130E82; Wed, 27 Feb 2019 08:14:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q4KDVxh_7ijv; Wed, 27 Feb 2019 08:14:51 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1A021200B3; Wed, 27 Feb 2019 08:14:50 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2CFB6BE51; Wed, 27 Feb 2019 16:14:49 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XUcyGWh-IXTI; Wed, 27 Feb 2019 16:14:49 +0000 (GMT) Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E0F5EBE4C; Wed, 27 Feb 2019 16:14:48 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551284088; bh=ZAVc061yK0m5bJRf7/Ek5yBZbD+aCzZDmuQmIsQ1/0o=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=DKkLGno1Fugxz1mXlXnvyn774VLRlN8itW6Hnoh2x4Hc4nqm05CSwQEd2jkpVT6CI OF7gk2m5coVvmQ8geY6soU8l0YU8tlj8avMDcL4xTMf4fb35GjTiEXTf2w/dOjj0yX FIf+t/pAeILFA2Q1Miu3xZk1cHQ4l5AfCPDsffKo= To: Paul Wouters , "Brotman, Alexander" Cc: "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: Date: Wed, 27 Feb 2019 16:14:46 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="UlTVYRgKO1j1ookOqIfuaTSMMQyi8sFTC" Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 16:14:53 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --UlTVYRgKO1j1ookOqIfuaTSMMQyi8sFTC Content-Type: multipart/mixed; boundary="U4Hz5X0JUrmFZbMkjxjMj3EWuKTmI7H5X"; protected-headers="v1" From: Stephen Farrell To: Paul Wouters , "Brotman, Alexander" Cc: "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" Message-ID: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> In-Reply-To: --U4Hz5X0JUrmFZbMkjxjMj3EWuKTmI7H5X Content-Type: multipart/mixed; boundary="------------04532129FBDAA8FA184B970B" Content-Language: en-GB This is a multi-part message in MIME format. --------------04532129FBDAA8FA184B970B Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hiya, On 27/02/2019 15:54, Paul Wouters wrote: > How is this data being consumed by the enduser ?=20 Very good question. Sorry for what's likely a longer answer than you want:-) Alex and I chatted about that and I think ended up figuring: a) there are many potential semantics that could be associated with such a linkage, b) we don't yet know what'd be useful, but c) no, we are defo not trying for an EV-like thing and lastly d) we really want to keep this as simple as possible - given there's a lot of feature-creep potential here, and that'd likely be fatal. My own use-case for this relates more to surveys, where I'd like to get a hint that two names are related so I could take that into account. Alex's is more business like (as you'd expect:-) he'd like to be able to feed this kind of linkage information into mail processing, e.g. perhaps to treat some mails as less-likely spam if he sees a link, compared to if he doesn't (with all the other mail processing foo that'd clearly be required to not do that kind of thing stupidly of course). We guess that there'd be other uses too but finding out if this is seen as useful enough that people would publish RR's is part of why we shot out the draft now. We also considered whether or not to e.g. try to add some kind of flag to indicate semantics but reckoned we don't know enough to do that for now. Cheers, S. > It sort of begins > to look like an EV thing. Also, wouldn't attackers just link their > fake domain to another fake domain to get a green looking OKAY? --------------04532129FBDAA8FA184B970B Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------04532129FBDAA8FA184B970B-- --U4Hz5X0JUrmFZbMkjxjMj3EWuKTmI7H5X-- --UlTVYRgKO1j1ookOqIfuaTSMMQyi8sFTC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx2t3cACgkQWrL68XsX K+pPohAAhiB5/R1PfTcTh/1RcpfXwzJY4DRJgLwrQ+4uI2xdDMGhbk2WRBIT8/vV QMu2X1aIj+LlRUyUFlUlQDUyVwkYCqsM64iSrQrWNHk4wZWL1Ba7EEs8YGlbmKq+ sxDyGqEabPBUxvks6cnLtOWcIMNnLXM+D0ODM4SjWL+2dN3mBXiWLQjateAQGBEB GBn2C0pufHCjUzMGJgO/3x+fh3p0Sm5gmGxOXWpS4qiBF/+eET+Li79+BUdVy53l XE96UhH3bNnYh2/pxaPTVqKDgm8qnyumVkov+OOvbzXxgJ+AJpCbO6jTZKIAH/1c fJeGCMMs2YZWbHrCCT5s9QI63QZI7d5Ls+lvN/osvQD+sI89940T+OFgfdcEQ+r3 wkXsX1ujEK1rZ39dxLafTDdiyy4dYFztU/U7ent8ZWGKnxuoMKR5oTYU80L7pUNm AcoYQ5HS2+4wetzdgyya7bmMirF8ehonrEIk3j4oXwpfB69o7YXT/60fMaXynwjU AMbdnxpOeC3gJkAixcRwkjK1rom13eMqLtcTMO+xpv4fCU72TcBHKQ4wLsgCUvOA xuYqe+PDqQuRiKR3ulXPGX07LNxkJ63hqVgs8ChUo0TI35lD0TF43lFtUmwszjiR 5TacGrgpK9Skz++dFEwtWsH+dT8WbEOdRj+T8e5tluE/URrYzEg= =MXBl -----END PGP SIGNATURE----- --UlTVYRgKO1j1ookOqIfuaTSMMQyi8sFTC-- From nobody Wed Feb 27 08:26:51 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBC3F130FFB; Wed, 27 Feb 2019 08:26:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vMR0a4Ran0yv; Wed, 27 Feb 2019 08:26:35 -0800 (PST) Received: from ppsw-30.csi.cam.ac.uk (ppsw-30.csi.cam.ac.uk [131.111.8.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EA5E130FF4; Wed, 27 Feb 2019 08:26:35 -0800 (PST) X-Cam-AntiVirus: no malware found X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus Received: from grey.csi.cam.ac.uk ([131.111.57.57]:44120) by ppsw-30.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.136]:25) with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1gz22P-000dqM-fa (Exim 4.91) (return-path ); Wed, 27 Feb 2019 16:26:29 +0000 Date: Wed, 27 Feb 2019 16:26:29 +0000 From: Tony Finch To: Paul Wouters cc: "Brotman, Alexander" , "art@ietf.org" , "dnsop@ietf.org" , Stephen Farrell , "dbound@ietf.org" In-Reply-To: Message-ID: References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 16:26:38 -0000 Paul Wouters wrote: > > I do still have a concern that this is using its own signature schemes > embedded in the records instead of relying on DNSSEC. But I guess > that's just the world we live in now. I wonder if it should instead be a SIG(SOA) where the signer is the primary domain, but I'm not sure what the other bits of this SIG record should say. Also, I wasn't around when DNSSEC worked like that, so there are likely to be all sorts of good reasons why this is not a fun and enticing prospect. Tony. -- f.anthony.n.finch http://dotat.at/ no one shall be enslaved by poverty, ignorance, or conformity From nobody Wed Feb 27 08:37:45 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F16B130EE1; Wed, 27 Feb 2019 08:37:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HlnaBQOQMcJf; Wed, 27 Feb 2019 08:37:34 -0800 (PST) Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CD74130EED; Wed, 27 Feb 2019 08:37:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=2952; q=dns/txt; s=VRSN; t=1551285456; h=from:to:cc:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version:subject; bh=JT9M/KSPdNUb/l00mgdNyYBK8MmLzwKWdNl94+Mj0Us=; b=J2plSh5W5hR2lyouZ63zvEo1wfp+WZJNCBaxskbCdTV/lD6BltjnLfpE eAaS+aNDo8AB2ntTAcjpxmidFz5fBCUVjHyw3mOWXGJuI+QvDMkPP9gqw fYrwwBm9lsqvCW90X0s26uhZleBlCStm2NI9WTGWrWvaMKQxX0bllW2Uu G5zBmyoYv7z7+PIhykFJTBbBWWTwKQpEUcwxyZjHzBN0tYub3jpg+wJoU fk39UWGyc/XZwh+P4YGcnDpI+yExnHcX2nn67S/mBSWnOXYPWAj3vctPc I8ssNWrjcDoTRyWrUUOwoM+Zo5KY9dYLm/b0Ql28JqEzKaDKEDeKppg9/ w==; X-IronPort-AV: E=Sophos;i="5.58,420,1544486400"; d="scan'208";a="7723570" IronPort-PHdr: =?us-ascii?q?9a23=3Apv9QVxRN1gQFctKio/n48bx+S9psv+yvbD5Q0Y?= =?us-ascii?q?Iujvd0So/mwa67ZhCDt8tkgFKBZ4jH8fUM07OQ7/iwHzRYqb+681k6OKRWUB?= =?us-ascii?q?EEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAA?= =?us-ascii?q?jwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba9xIRmssQndqtQdjJd/JKo21h?= =?us-ascii?q?bHuGZDdf5MxWNvK1KTnhL86dm18ZV+7SleuO8v+tBZX6nicKs2UbJXDDI9M2?= =?us-ascii?q?Ao/8LrrgXMTRGO5nQHTGoblAdDDhXf4xH7WpfxtTb6tvZ41SKHM8D6Uaw4VD?= =?us-ascii?q?K/5KptVRTmijoINyQh/W/XlMJ+kb5brhyiqRxxwYHUYZ2aOvVxca7GYdMVXm?= =?us-ascii?q?hBUtpNWyBdAI6xaZYEAeobPeZfqonwv1UCoxm5BQmoAOPg1DlIiWTo0qIm0O?= =?us-ascii?q?QtCRzN0hE8ENIJrHTUsNv5P7oVXOCuzKnIyjHDb/dI1jf784fHbAwuofKXUL?= =?us-ascii?q?Jub8XR00gvFxjEjlWfr4zpJS+a1uMIs2WC6edrSOGhi3Y/pg1svjSj3Nogh4?= =?us-ascii?q?vHi44P11zJ9St0zJw6KNC7UEJ3fMKoHIFNuyyYK4d6WN4uTm5rtSog17ELuo?= =?us-ascii?q?a3fCYUx5kk2xLSbvmKfoqU7R7/TumcJCp0i255d7+6hxu97FavyuP5W8SwzV?= =?us-ascii?q?lFszRKn9/RvX4XzRPT8NKISv5l80ek3jaAyh7c5/lfIUAxiarbM5khwqMslp?= =?us-ascii?q?YLsUTMACv2mELugaKLaksq4vWk5OT/bLvpp5CQK5J4hhvgMqsyncy/G/w4Ph?= =?us-ascii?q?IUUGeG4+i8yqfj/Vb/QLlQkvI2lazZvIjbJcQduKG5HxdY3ps/5xqlEjur0t?= =?us-ascii?q?oVkWMaIF9Fdh+LlYfkNlLWLPD9F/i/glCskDlxx/DBO73sGo7NLnjEkLfleb?= =?us-ascii?q?Zy9UhcxxEtwt9D5JJZEa8BL+zpWk/wr9zYDxA5Mwquz+n7D9V905sSWXiTDa?= =?us-ascii?q?+BLKPSrViI6/o0I+mQeoAVoDb9JOYj5/L0g382g0UdfbO30psTbHC1BehpI1?= =?us-ascii?q?6DbXrwntgODH0GvgsgQ+bykl2NTSZTZ2quX6I7/jw7EJipDZrHRo22hryB2y?= =?us-ascii?q?e7EYdKZmBdEFyDDW3nfZ2eW/gQcCKSPtNhkjscWLW9T48uyx6vuxX8y7V6MO?= =?us-ascii?q?XU4DUXuI/51Nhy++3TkAs99TpvAsuB1GGNSn17kXkTRz8qxqxwvUt9ylKb26?= =?us-ascii?q?hin/NYDcBT5+9OUgoiL5Hc1fB6BsvzWg3fYteJRkyqQtK8ATE+Vtgx2cMBY1?= =?us-ascii?q?5hG9W+iRDOxzelA7kOl7yMHJw56aPc0GbtJ8Zz0XrG07Mhj1Y+SMtVKWKmnr?= =?us-ascii?q?J/9xTUB4PRjkqWjKGqdbka3CHQ72qDzHSBvF1WUAJqVqXFR38fNQPqqoGz/V?= =?us-ascii?q?/PV7+jD/IpOxFbxMqGAqBRLMHigRNHSb2rbM/CbnqxlmH2Cx+S3L6IaKLhYC?= =?us-ascii?q?MB1ymbCUVS10hZ5X+bMSA4ASeov3mYBzUkXQb3al7o2e95qHqnVQk/xlfOJw?= =?us-ascii?q?dI07el8xgZiOarYekUwrcNvg8qrDB/FU2hmdnRDpDI8yNlcbVVZ98w+mBtz2?= =?us-ascii?q?XFsgV7FpenKqtrnUJYeANy6RDAzRJyX89glswuoXUgwQFxbeqj21Rda3nQiY?= =?us-ascii?q?vwPbnTJ2/48RusQ7DbwFDF0dmQvKwI7aJr+B3YoAi1Gx96oD1c2N5P3i7E6w?= =?us-ascii?q?=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2G2AgCYvHZc/zCZrQpaChwBAQEEAQEHBAEBgWWEFQqDf?= =?us-ascii?q?pV1g0WUb4FnDAGEbAIXhBk4EgEDAQEBAQEBAgEBAoERgjoigm8BAQEBAyMRP?= =?us-ascii?q?gcMBAIBCBEEAQEBAgIRFQICAjAVCAgCBAENBQiweYEviiyBC4tUgUE+gRGDE?= =?us-ascii?q?oQ8GgsBASUQIQIFgkuCVwKMPJcuAwYCkmAhkxyKXZIXAgQCBAUCFIFegXhwg?= =?us-ascii?q?zyQXXKQCIEfgR8BAQ?= Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 27 Feb 2019 11:37:32 -0500 Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.1713.004; Wed, 27 Feb 2019 11:37:32 -0500 From: "Hollenbeck, Scott" To: "stephen.farrell@cs.tcd.ie" , "paul@nohats.ca" , "Alexander_Brotman@comcast.com" CC: "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" Thread-Topic: [EXTERNAL] Re: [DNSOP] [dbound] Related Domains By DNS (RDBD) Draft Thread-Index: AQHUzrefByxL0Iby3E2AX95fpgituaXz1qOA Date: Wed, 27 Feb 2019 16:37:32 +0000 Message-ID: <804a305f4d1b40daa6e9ca9b3e97f96d@verisign.com> References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.170.148.18] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 16:37:36 -0000 PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBETlNPUCA8ZG5zb3AtYm91bmNl c0BpZXRmLm9yZz4gT24gQmVoYWxmIE9mIFN0ZXBoZW4gRmFycmVsbA0KPiBTZW50OiBXZWRuZXNk YXksIEZlYnJ1YXJ5IDI3LCAyMDE5IDExOjE1IEFNDQo+IFRvOiBQYXVsIFdvdXRlcnMgPHBhdWxA bm9oYXRzLmNhPjsgQnJvdG1hbiwgQWxleGFuZGVyDQo+IDxBbGV4YW5kZXJfQnJvdG1hbkBjb21j YXN0LmNvbT4NCj4gQ2M6IGFydEBpZXRmLm9yZzsgZG5zb3BAaWV0Zi5vcmc7IGRib3VuZEBpZXRm Lm9yZw0KPiBTdWJqZWN0OiBbRVhURVJOQUxdIFJlOiBbRE5TT1BdIFtkYm91bmRdIFJlbGF0ZWQg RG9tYWlucyBCeSBETlMgKFJEQkQpDQo+IERyYWZ0DQo+DQo+DQo+IEhpeWEsDQo+DQo+IE9uIDI3 LzAyLzIwMTkgMTU6NTQsIFBhdWwgV291dGVycyB3cm90ZToNCj4gPiBIb3cgaXMgdGhpcyBkYXRh IGJlaW5nIGNvbnN1bWVkIGJ5IHRoZSBlbmR1c2VyID8NCj4NCj4gVmVyeSBnb29kIHF1ZXN0aW9u LiBTb3JyeSBmb3Igd2hhdCdzIGxpa2VseSBhIGxvbmdlciBhbnN3ZXIgdGhhbiB5b3Ugd2FudDot KQ0KPg0KPiBBbGV4IGFuZCBJIGNoYXR0ZWQgYWJvdXQgdGhhdCBhbmQgSSB0aGluayBlbmRlZCB1 cA0KPiBmaWd1cmluZzogYSkgdGhlcmUgYXJlIG1hbnkgcG90ZW50aWFsIHNlbWFudGljcyB0aGF0 IGNvdWxkIGJlIGFzc29jaWF0ZWQgd2l0aA0KPiBzdWNoIGEgbGlua2FnZSwgYikgd2UgZG9uJ3Qg eWV0IGtub3cgd2hhdCdkIGJlIHVzZWZ1bCwgYnV0IGMpIG5vLCB3ZSBhcmUgZGVmbw0KPiBub3Qg dHJ5aW5nIGZvciBhbiBFVi1saWtlIHRoaW5nIGFuZCBsYXN0bHkgZCkgd2UgcmVhbGx5IHdhbnQg dG8ga2VlcCB0aGlzIGFzDQo+IHNpbXBsZSBhcyBwb3NzaWJsZSAtIGdpdmVuIHRoZXJlJ3MgYSBs b3Qgb2YgZmVhdHVyZS1jcmVlcCBwb3RlbnRpYWwgaGVyZSwgYW5kDQo+IHRoYXQnZCBsaWtlbHkg YmUgZmF0YWwuDQo+DQo+IE15IG93biB1c2UtY2FzZSBmb3IgdGhpcyByZWxhdGVzIG1vcmUgdG8g c3VydmV5cywgd2hlcmUgSSdkIGxpa2UgdG8gZ2V0IGEgaGludA0KPiB0aGF0IHR3byBuYW1lcyBh cmUgcmVsYXRlZCBzbyBJIGNvdWxkIHRha2UgdGhhdCBpbnRvIGFjY291bnQuIEFsZXgncyBpcyBt b3JlDQo+IGJ1c2luZXNzIGxpa2UgKGFzIHlvdSdkIGV4cGVjdDotKSBoZSdkIGxpa2UgdG8gYmUg YWJsZSB0byBmZWVkIHRoaXMga2luZCBvZg0KPiBsaW5rYWdlIGluZm9ybWF0aW9uIGludG8gbWFp bCBwcm9jZXNzaW5nLCBlLmcuIHBlcmhhcHMgdG8gdHJlYXQgc29tZSBtYWlscyBhcw0KPiBsZXNz LWxpa2VseSBzcGFtIGlmIGhlIHNlZXMgYSBsaW5rLCBjb21wYXJlZCB0byBpZiBoZSBkb2Vzbid0 ICh3aXRoIGFsbCB0aGUgb3RoZXINCj4gbWFpbCBwcm9jZXNzaW5nIGZvbyB0aGF0J2QgY2xlYXJs eSBiZSByZXF1aXJlZCB0byBub3QgZG8gdGhhdCBraW5kIG9mIHRoaW5nDQo+IHN0dXBpZGx5IG9m IGNvdXJzZSkuIFdlIGd1ZXNzIHRoYXQgdGhlcmUnZCBiZSBvdGhlciB1c2VzIHRvbyBidXQgZmlu ZGluZyBvdXQgaWYNCj4gdGhpcyBpcyBzZWVuIGFzIHVzZWZ1bCBlbm91Z2ggdGhhdCBwZW9wbGUg d291bGQgcHVibGlzaCBSUidzIGlzIHBhcnQgb2Ygd2h5DQo+IHdlIHNob3Qgb3V0IHRoZSBkcmFm dCBub3cuDQo+DQo+IFdlIGFsc28gY29uc2lkZXJlZCB3aGV0aGVyIG9yIG5vdCB0byBlLmcuIHRy eSB0byBhZGQgc29tZSBraW5kIG9mIGZsYWcgdG8NCj4gaW5kaWNhdGUgc2VtYW50aWNzIGJ1dCBy ZWNrb25lZCB3ZSBkb24ndCBrbm93IGVub3VnaCB0byBkbyB0aGF0IGZvciBub3cuDQoNClRoaXMg bWlnaHQgYWxzbyBiZSB1c2VmdWwgZm9yIElETiB2YXJpYW50cyB3aGVyZSBzb21lIGRvd25zdHJl YW0gY29uc3VtZXIgd291bGQgbGlrZSB0byBrbm93IHRoYXQgdHdvIGRpZmZlcmVudCBJRE5zIGFy ZSBhY3R1YWxseSAidGhlIHNhbWUiLiBUaGUgcmVsYXRpb25zaGlwIGJldHdlZW4gdmFyaWFudHMg aXNuJ3QgYSBwYXJlbnQtY2hpbGQgcmVsYXRpb25zaGlwICh0aGV5J3JlIG1vcmUgY29tbW9ubHkg c2libGluZ3MpLCBidXQgcGVyaGFwcyB0aGUgY29uY2VwdCBjb3VsZCBiZSBleHRlbmRlZCB0byBp ZGVudGlmeSBzaWJsaW5nIHJlbGF0aW9uc2hpcHMsIHRvby4NCg0KU2NvdHQNCg== From nobody Wed Feb 27 08:52:34 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81F3613100F; Wed, 27 Feb 2019 08:52:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Is88ExoKWNF; Wed, 27 Feb 2019 08:52:23 -0800 (PST) Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3E521310ED; Wed, 27 Feb 2019 08:51:52 -0800 (PST) Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 448hY25d53zD0B; Wed, 27 Feb 2019 17:51:50 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1551286310; bh=1oY9dTxQ0JxsdXArs2/xibi16IT2WHpwHX0qaUwllIo=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=nhhlYx63R4ek0Z3YwUeW9Z1MOT75wvm35SUMeD548TG/kPRpJkNb+vsD3/Dr+LHt4 naKzHGTY5XrZ8vZ8uewK2i/Psc6kfqbr4QgVskxRu6L0dVbO+4+oSK2Ar9swbrC3a6 fbNHXl2ywLUP5I/HrHqeL8gCZTW7ZiA9PwR3gtQ4= X-Virus-Scanned: amavisd-new at mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id C3He0oqEqrRR; Wed, 27 Feb 2019 17:51:49 +0100 (CET) Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 27 Feb 2019 17:51:49 +0100 (CET) Received: from [192.168.8.34] (nat05.wpe01.151FrontStW01.YYZ.beanfield.com [66.207.198.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id AB6DF5C85B; Wed, 27 Feb 2019 11:51:48 -0500 (EST) DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca AB6DF5C85B Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) From: Paul Wouters X-Mailer: iPhone Mail (16D57) In-Reply-To: <804a305f4d1b40daa6e9ca9b3e97f96d@verisign.com> Date: Wed, 27 Feb 2019 11:51:48 -0500 Cc: "stephen.farrell@cs.tcd.ie" , "Alexander_Brotman@comcast.com" , "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> <804a305f4d1b40daa6e9ca9b3e97f96d@verisign.com> To: "Hollenbeck, Scott" Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 16:52:25 -0000 If it is really only a variant, you should just DNAME it to the other domain= ? Sent from mobile device On Feb 27, 2019, at 11:37, Hollenbeck, Scott wrote: >> -----Original Message----- >> From: DNSOP On Behalf Of Stephen Farrell >> Sent: Wednesday, February 27, 2019 11:15 AM >> To: Paul Wouters ; Brotman, Alexander >> >> Cc: art@ietf.org; dnsop@ietf.org; dbound@ietf.org >> Subject: [EXTERNAL] Re: [DNSOP] [dbound] Related Domains By DNS (RDBD) >> Draft >>=20 >>=20 >> Hiya, >>=20 >>> On 27/02/2019 15:54, Paul Wouters wrote: >>> How is this data being consumed by the enduser ? >>=20 >> Very good question. Sorry for what's likely a longer answer than you want= :-) >>=20 >> Alex and I chatted about that and I think ended up >> figuring: a) there are many potential semantics that could be associated w= ith >> such a linkage, b) we don't yet know what'd be useful, but c) no, we are d= efo >> not trying for an EV-like thing and lastly d) we really want to keep this= as >> simple as possible - given there's a lot of feature-creep potential here,= and >> that'd likely be fatal. >>=20 >> My own use-case for this relates more to surveys, where I'd like to get a= hint >> that two names are related so I could take that into account. Alex's is m= ore >> business like (as you'd expect:-) he'd like to be able to feed this kind o= f >> linkage information into mail processing, e.g. perhaps to treat some mail= s as >> less-likely spam if he sees a link, compared to if he doesn't (with all t= he other >> mail processing foo that'd clearly be required to not do that kind of thi= ng >> stupidly of course). We guess that there'd be other uses too but finding o= ut if >> this is seen as useful enough that people would publish RR's is part of w= hy >> we shot out the draft now. >>=20 >> We also considered whether or not to e.g. try to add some kind of flag to= >> indicate semantics but reckoned we don't know enough to do that for now. >=20 > This might also be useful for IDN variants where some downstream consumer w= ould like to know that two different IDNs are actually "the same". The relat= ionship between variants isn't a parent-child relationship (they're more com= monly siblings), but perhaps the concept could be extended to identify sibli= ng relationships, too. >=20 > Scott > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop From nobody Wed Feb 27 09:21:49 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B713F131024 for ; Wed, 27 Feb 2019 09:21:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=Rc1No4fB; dkim=pass (1536-bit key) header.d=taugh.com header.b=Ah7oPYff Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V34LnVbZXLbv for ; Wed, 27 Feb 2019 09:21:46 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A97B4130EE1 for ; Wed, 27 Feb 2019 09:21:45 -0800 (PST) Received: (qmail 5745 invoked from network); 27 Feb 2019 17:21:43 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=166f.5c76c727.k1902; bh=8nLo+XBXvDYNZi0Qmp36ML6pAfTf1K2CVFX/G7DaP+g=; b=Rc1No4fBSZsOmoJSHcZrMhSiGQIqF9uxyCx7nY6wmsid7MCQke9OrzXwH6+ZjeE8DGN6Qxmy+jKQtC2meqWS/ICXgyFbX0R5R3faS88EtW9z6GUDv9hfDPR5nrzfw8yksHjKax5fmwyKDegSXrt/x20ZjuKClw8H9hGuZp4e3osB4n9quaiTJ2siG97BpL7/vdpkpPBrAUOW9+qcblSvwKnFcHbkIXYQloWx8RiZdggu4CYWuMMigdFh7t8eBlqt DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=166f.5c76c727.k1902; bh=8nLo+XBXvDYNZi0Qmp36ML6pAfTf1K2CVFX/G7DaP+g=; b=Ah7oPYffUHnLYglQZ5cW9JYCGGGugw+N4TroHMn+/XO0GasC0+fDHv5YnFd5j5kGe1AYuTGdebRp3m/UFkwWD1nTbdPkV+GjaPV5Gn0CjbAzvKiuKSynmQfA12DFuVWTbNQ/aNe7k4KN4x3/fkCKSzYVMaiSwQjwbCaBMrls4/e5xUDES3Id+LA+SdJdpPUllFPCQCs4KHuMWAiEDJM6tBHU8wCWaiM/N4HM73aM3/erBThJ5P8B1omzWEzVAB50 Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 27 Feb 2019 17:21:43 -0000 Received: by ary.local (Postfix, from userid 501) id 10303200F57CE0; Wed, 27 Feb 2019 12:21:42 -0500 (EST) Date: 27 Feb 2019 12:21:42 -0500 Message-Id: <20190227172143.10303200F57CE0@ary.local> From: "John Levine" To: art@ietf.org, dbound@ietf.org Cc: paul@nohats.ca In-Reply-To: Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 17:21:48 -0000 In article you write: >If it is really only a variant, you should just DNAME it to the other domain ? I really wish people would stop saying this. There is a long list of well known reasons that DNAME doesn't work for aliasing 2LD variants. That's why .CAT used to do it but doesn't any more. From nobody Wed Feb 27 09:23:40 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 579AB13102A for ; Wed, 27 Feb 2019 09:23:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=virtualized-org.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvf0KC0ztKew for ; Wed, 27 Feb 2019 09:23:31 -0800 (PST) Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FB2D13102D for ; Wed, 27 Feb 2019 09:23:31 -0800 (PST) Received: by mail-pf1-x435.google.com with SMTP id j5so8327223pfa.2 for ; Wed, 27 Feb 2019 09:23:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtualized-org.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=ttSqyxB3cbhgqQl5fsj8buYvZ3Rg6VFsucrvLmije44=; b=KSm+OWUFLaFmx9Nz5kD1jMRCWyjQN6fQj0ERznBd+ccHQAA1lmNwMefl4Ay3uI36IN cCIOvW7lJxBfqawkgjB+bSrASDPfl0LV6rWTqD9OchlPf7gna7XWBnvXB6viGTXQU5JM gbuC+49X6qJrr8pmMCTBtFDnAkKClXR2mj4w7N2+/29UfAe4HzSMLg6tNyjNRDll2l5m aKSoUVrPyUfFdAsCWXgypqyU38tcBBzzecDCJ6z6mEtpp5oFQS9doc4pdVuxit+VDE4P UwEIQnQkr2hSPjd1wOjmnMQYo1AGlWdgOgw8MTll3sx+LV3I6k0CRcRQYq+J2T0PMXTf c9Hw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=ttSqyxB3cbhgqQl5fsj8buYvZ3Rg6VFsucrvLmije44=; b=S/xMI+8ZrKXrqEPoztOkZx+QlbSVHlEqEE+PqOOj7Nw46A3BuUYj91Zy2Od42PcXO7 9dHbw51IZfaVh+mZxsNA51hdQhQpIqvhMhqKWN3HXKgDKloZxV/WcoKzKrASag6XSStX 5XihPe0IxbeVekjQS2+MkOTpqiRjwKtpqPHd6jfLXmsYApp8ac37Dmp/n1oJOpVT6ZOV mfaExVww0arayxUsvljFwsYIu4AEWl+p5FNnfX6USFlm7bjmHwfnB6pSdn8F/fHw81Lf J43z2YvYlu0fmZFVkB+x11HBhELMeqB6JCqZJTinY4sO2oMLkEVSVRTTikx5L6gwG3km qBcg== X-Gm-Message-State: AHQUAuaYfyvvuSD5cpl3A79JA+iM9pC1qecfGFyb2iFMNFPP0GuBVomo LsBWGbln68EnWZxcaOCRKTYSsQ== X-Google-Smtp-Source: AHgI3IbgH24qGupZnDyISMKrI82zxtW2vQPOKLQfMj5CGaTe0LMuKerOlmYGny2sEMUq7OnGv7KoYw== X-Received: by 2002:a63:9dc3:: with SMTP id i186mr3948537pgd.305.1551288210360; Wed, 27 Feb 2019 09:23:30 -0800 (PST) Received: from [10.32.61.11] (32-236.lax.icann.org. [192.0.32.236]) by smtp.gmail.com with ESMTPSA id e63sm31993148pfa.116.2019.02.27.09.23.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Feb 2019 09:23:29 -0800 (PST) Content-Type: multipart/signed; boundary="Apple-Mail=_0223F428-57F0-4A94-92FB-A199C8BE62D4"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) From: David Conrad In-Reply-To: Date: Wed, 27 Feb 2019 18:23:22 +0100 Cc: Paul Wouters , "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" , Stephen Farrell X-Mailbutler-Message-Id: 836038D5-D2BE-4039-88D3-6AE159723752 Message-Id: <3E32ABA2-6E8E-4E92-A5FB-F194CFC62A5D@virtualized.org> References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> To: "Brotman, Alexander" X-Mailer: Apple Mail (2.3445.102.3) Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 17:23:34 -0000 --Apple-Mail=_0223F428-57F0-4A94-92FB-A199C8BE62D4 Content-Type: multipart/alternative; boundary="Apple-Mail=_3E667665-0034-466B-9B15-9669C6E4FC0A" --Apple-Mail=_3E667665-0034-466B-9B15-9669C6E4FC0A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Alexander, On Feb 27, 2019, at 4:32 PM, Brotman, Alexander = wrote: > I'm supportive of doing this in other ways, but also understand that = DNSSEC is not widely deployed. There is a difference between not being deployed and not being turned = on. My impression is that most DNS servers these days support DNSSEC, = however it has largely not been enabled. If you are going to be putting = stuff into the DNS for security decisions, you need to protect that = stuff and that means turning on DNSSEC. Regards, -drc --Apple-Mail=_3E667665-0034-466B-9B15-9669C6E4FC0A Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Alexander,

On = Feb 27, 2019, at 4:32 PM, Brotman, Alexander <Alexander_Brotman@comcast.com> wrote:
I'm = supportive of doing this in other ways, but also understand that DNSSEC = is not widely deployed.  

There is a difference between not being deployed = and not being turned on.  My impression is that most DNS servers = these days support DNSSEC, however it has largely not been enabled. =  If you are going to be putting stuff into the DNS for security = decisions, you need to protect that stuff and that means turning on = DNSSEC.

Regards,
-drc


= --Apple-Mail=_3E667665-0034-466B-9B15-9669C6E4FC0A-- --Apple-Mail=_0223F428-57F0-4A94-92FB-A199C8BE62D4 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzEaOGlQw4bcyWBNfoCss/bh3zPcFAlx2x4oACgkQoCss/bh3 zPcO0hAAkp6fvfmuqWoUmzFle7VaThreyHIoJr/h9x3dNFngJBjY5las+mCZUMkx ltV9pRubTjt8JgxsN8zAsN3hhV9BtG50vkzZEpipxIfvjI/gnsocqlY5cHc0KPUJ ZqFGZVVNNpoNA0PB3HXwtaLuY4l1Vc4e2FkJvjAD5JIKXGtvyE2CjdJgfApOAq3q 4/azZOtekBzi6yWURjvff+X5ATh+oQkAlbKXFpXg/TYlSmwTBAa9cqG1knhZO4Yn A+hIlmJhBubgwpCrYqhYEdFJtOgLuUGH40CZ4S2Kkexva9FWhqtb/yhiG4qwajpS RKNEVmKbkfeFMX2ADRcnAWj7YazIgdyrx0FmxQiFarJuk9fTPhX3qI5bdJqBaGb0 mNHX1GzN5/Ooa71FVee6QUt+9ncI+kiJJ5ZgbYbpNKhJP5myL1AG5VDu+WEyc+9n eIarLnmK+UffBzt/fosKWavYmikm8AugFLcAybi6QagE4alfKe3gfLACbLV+2Pn+ VBJOGXJFXg/6xtM42PxL0/wSyv2bUca/9NxMal4NXPoTYc5qAESKuzjlg79bDKPd BZYNQMl0VqNcqEKa2r338sN+wtpw8ybvhglLz9oClTT4hHa3+KisJ/hbvLYXWWrg VHrcvbG/nbwjHB2ksY38q+smv4NHLXTRcu3dJLxjhsNhek87bp8= =GQbM -----END PGP SIGNATURE----- --Apple-Mail=_0223F428-57F0-4A94-92FB-A199C8BE62D4-- From nobody Wed Feb 27 09:32:52 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 213BF13101F for ; Wed, 27 Feb 2019 09:32:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 91RWdGBMMEsk for ; Wed, 27 Feb 2019 09:32:49 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A36AD130FFF for ; Wed, 27 Feb 2019 09:32:46 -0800 (PST) Received: (qmail 6603 invoked from network); 27 Feb 2019 17:26:04 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:reply-to:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=19c9.5c76c82c.k1902; bh=gsj/sSnUx7UarQGRiLuChokyrtrivXWnc98xnQd9dRg=; b=bbJrCx5MXwxvwkhxKfIQ5wFE9tFtBwwtepzwfO8XeNBJh3+754a9k/uiqsZzSNXsDL9vmIeRlWUD8XDiUqiW05cXmYcT7KrFfFjs0p3oVf/+XJ/VcnigZnzR6krGp/8XV2vrmnT+mccKfJjo+Vz577bXKvmvNiGsyAfYaigL8eZLJd7sq1tM/ZS8UQK+pu3Ma+2LrYCakoT+ja3cs/eDiY5LJTRwWV/A+utQGEoamCu8WyQ4/mQgKMkJfIK3zitN Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 27 Feb 2019 17:26:04 -0000 Date: 27 Feb 2019 12:26:03 -0500 Message-ID: From: "John R. Levine" Reply-To: dbound@ietf.org To: "Stephen Farrell" Cc: "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" In-Reply-To: <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> User-Agent: Alpine 2.21 (OSX 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 17:32:50 -0000 > new signatures), I myself only copped on that this could > be of some use where the primary has DNSSEC but where the > secondary doesn't, which is maybe interesting. In that case, the primary can just publish pointers to the secondaries, and we're done. The DKIM-like signatures have an odd model where the primary has enough control over its DNS to publish the validation key, and enough to give the secondaries signed records for their names they can publish that point back to that key, but not enough just to publish the secondaries' names directly. I don't get it. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly From nobody Wed Feb 27 10:39:03 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3318613102A for ; Wed, 27 Feb 2019 10:38:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uI8JDl7rGzZn for ; Wed, 27 Feb 2019 10:38:53 -0800 (PST) Received: from mail-qk1-x741.google.com (mail-qk1-x741.google.com [IPv6:2607:f8b0:4864:20::741]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBC311310AF for ; Wed, 27 Feb 2019 10:38:51 -0800 (PST) Received: by mail-qk1-x741.google.com with SMTP id x6so10482269qki.6 for ; Wed, 27 Feb 2019 10:38:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=2QPCN32Ao2HiNLp+i6ku3dRSMhR7eyjHhcOIkTPD7tk=; b=l9/mQAeURPi0ZrCFulSN6Ku3t/i6oAfI5CFrKxeacwdlWgks4dUKFCxNS6Dx6wiL79 YDztJjRQ5C1NPW+GY6tu/1pf7nEUfgelJCti6LKfUla3IXy+2542+wXX9FiVSjKAvM7v CxKrqeSCcPxoo+Vygymv19+yX4DmBgY/aLuYj+/vL9/bB9eeQ3kdnKrH+lqjHVBXlU7N MpbNyQPBCWK6hJkcq7JjTkq+p8Zujxf2W77iEm9lue87MjCARvbDAlYtDP3gGfdbHp1l DM8pFCgbEU/NAr9CHm1/9keeAk3OhjhCthY2J9xF3kyg6EjHRPMuOkTOTTEsAFR/BKfz cfYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=2QPCN32Ao2HiNLp+i6ku3dRSMhR7eyjHhcOIkTPD7tk=; b=K/nU2qLpOJ54ZpSRTkbqsVawnK2dTqJRFUwmV6RvpMpe50yO6j7Fw2diE6hfF2rcO/ F7xuB3NaEygt/NWYJSPXge4lQRwhoineAQO38ZjRvsSDAm3w38unXRBxWsAyPhAoZSEW 5+m0JK013/sJAW1Pxp2teDpsImVm38dCxrPWqc/3kAdiN/FmQbN/YIxPKK/QRUQjL+80 UfZ4mpYKqpLkInfwlCmRgH6o2d5+zbwYDT05dUdKOIwyMf6s8u1sejWGKda9XA/aBXBa UkXe+xj5oxIxJFJyWH+tbuDXvMnrlbzcH/npJ0rtZo1OH0tJd+tjBM95a3i415IX9M39 6EXA== X-Gm-Message-State: AHQUAuYGG2/F+sOkxuBfIz26Olrw/qx82X+d5kRYJfeuS1ampFNqY5LP 99hDz4bp75+jr+nddbKs9/F3dRiLahknDg== X-Google-Smtp-Source: AHgI3IY/f4J14AyrkkINfQCGNGqXkYevc8creyvFKWCLQnERJk+XPBjKMcZYHD8yIOpJmYBXfQzcQA== X-Received: by 2002:a05:620a:1362:: with SMTP id d2mr3373237qkl.210.1551292730827; Wed, 27 Feb 2019 10:38:50 -0800 (PST) Received: from [10.0.100.12] (c-73-186-137-119.hsd1.nh.comcast.net. [73.186.137.119]) by smtp.gmail.com with ESMTPSA id o26sm8915764qkk.51.2019.02.27.10.38.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Feb 2019 10:38:49 -0800 (PST) From: Ted Lemon Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_9E73AE07-C186-4A6D-83C3-51E8CDC2460C" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.2\)) Date: Wed, 27 Feb 2019 13:38:46 -0500 In-Reply-To: <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> Cc: Paul Wouters , "Brotman, Alexander" , "art@ietf.org" , "dnsop@ietf.org" , "dbound@ietf.org" To: Stephen Farrell References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> X-Mailer: Apple Mail (2.3445.104.2) Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 18:38:55 -0000 --Apple-Mail=_9E73AE07-C186-4A6D-83C3-51E8CDC2460C Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 On Feb 27, 2019, at 10:57 AM, Stephen Farrell = wrote: > Yep. After both domains have DNSSEC, then this could all be > simpler. Before they do, there may be value in the sigs though > see John's simplification suggestion at [1]. If they don=E2=80=99t have DNSSEC, what=E2=80=99s the point of saying = the domains are related anyway? What are the security properties of = such an assertion when the content of the zones can=E2=80=99t be = validated? --Apple-Mail=_9E73AE07-C186-4A6D-83C3-51E8CDC2460C Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 On = Feb 27, 2019, at 10:57 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
Yep. After both domains have DNSSEC, then this could all = be
simpler. = Before they do, there may be value in the sigs though
see John's = simplification suggestion at [1].

If they don=E2=80=99t have DNSSEC, what=E2=80=99s = the point of saying the domains are related anyway?   What are the = security properties of such an assertion when the content of the zones = can=E2=80=99t be validated?


= --Apple-Mail=_9E73AE07-C186-4A6D-83C3-51E8CDC2460C-- From nobody Wed Feb 27 11:59:12 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6B681310AC; Wed, 27 Feb 2019 11:58:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GDkOAbrJN8ca; Wed, 27 Feb 2019 11:58:51 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6ADF6128766; Wed, 27 Feb 2019 11:58:51 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5933ABE38; Wed, 27 Feb 2019 19:58:49 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqtky8thXEOZ; Wed, 27 Feb 2019 19:58:47 +0000 (GMT) Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 80798BE2C; Wed, 27 Feb 2019 19:58:47 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551297527; bh=EfZWAJM7HFVHBPoaRb05+zRBWNTOy/zK5XJEIzU5JUo=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=fMa9NfeHWiBKbj5uFNhymt3HGQu0i8qBfacvIIJwDR/Doeu4ImatVH7Jw8GGrtwVI Y8IRUJxdBSXQ0Dx9CV+tn8hwPub8LqlGVGGmpkogDixo7uTo5nygi5THfXNMY6nHEO mq53UOc196s774xH8yBOAKHgMwzOuvXRAXTo91s0= To: Ted Lemon Cc: "art@ietf.org" , "Brotman, Alexander" , Paul Wouters , "dnsop@ietf.org" , "dbound@ietf.org" References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <249a56b6-7bf6-d1e3-2639-0f2d8043aa3e@cs.tcd.ie> Date: Wed, 27 Feb 2019 19:58:46 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="b3qZP7poFqdgO1rwluqh5E64zA1Mjz3vT" Archived-At: Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 19:58:55 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --b3qZP7poFqdgO1rwluqh5E64zA1Mjz3vT Content-Type: multipart/mixed; boundary="AO36SZebxzHqFuuCwdF9NWGgISddqlCmP"; protected-headers="v1" From: Stephen Farrell To: Ted Lemon Cc: "art@ietf.org" , "Brotman, Alexander" , Paul Wouters , "dnsop@ietf.org" , "dbound@ietf.org" Message-ID: <249a56b6-7bf6-d1e3-2639-0f2d8043aa3e@cs.tcd.ie> Subject: Re: [art] [DNSOP] [dbound] Related Domains By DNS (RDBD) Draft References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> <8cbf0062-35c6-a8bd-e809-c6a5e9ce16c8@cs.tcd.ie> In-Reply-To: --AO36SZebxzHqFuuCwdF9NWGgISddqlCmP Content-Type: multipart/mixed; boundary="------------F55017405A9D9B9208775EFC" Content-Language: en-GB This is a multi-part message in MIME format. --------------F55017405A9D9B9208775EFC Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Answering two for the price of one... On 27/02/2019 17:26, John R. Levine wrote:>> new signatures), I myself only copped on that this could >> be of some use where the primary has DNSSEC but where the >> secondary doesn't, which is maybe interesting. > > In that case, the primary can just publish pointers to the secondaries,= > and we're done. > > The DKIM-like signatures have an odd model where the primary has enough= > control over its DNS to publish the validation key, and enough to give > the secondaries signed records for their names they can publish that > point back to that key, but not enough just to publish the secondaries'= > names directly. I don't get it. That could work, but'd mean the primary having to store all the records and an extra lookup if even if you had the public key cached. I believe the former could be an issue if there are many secondaries, at least according to one chat I had with someone involved with many domains (which I'm not). I think the design in our -00 is a bit better than that, but not hugely better and it's ok we can disagree about it - if this goes somewhere there'll be plenty of time to thrash it out as we go. On 27/02/2019 18:38, Ted Lemon wrote: > On Feb 27, 2019, at 10:57 AM, Stephen Farrell=20 > wrote: >> Yep. After both domains have DNSSEC, then this could all be=20 >> simpler. Before they do, there may be value in the sigs though see=20 >> John's simplification suggestion at [1]. >=20 > If they don=E2=80=99t have DNSSEC, what=E2=80=99s the point of saying t= he domains > are related anyway? What are the security properties of such an=20 > assertion when the content of the zones can=E2=80=99t be validated? The point of making the assertion would be in the eye of the beholder. The level of confidence one might have in such an assertion (without DNSSEC) should of course be lower. But we do work without DNSSEC for almost everything today so I'm not convinced "no DNSSEC" =3D> can't be done here. (And again, the use-cases we've discussed are not high-security ones.) FWIW, I am a fan of DNSSEC, deploy it for domains I control, and do consider that despite it's gnarliness it provides real benefits. But I don't believe we can seriously require it as a pre-requisite for almost anything today, and nor do I believe that our proposal, if it goes ahead would by itself cause people to deploy DNSSEC. So ISTM that making DNSSEC a MUST-use isn't the right approach in this case. Cheers, S. >=20 >=20 >=20 > _______________________________________________ art mailing list=20 > art@ietf.org https://www.ietf.org/mailman/listinfo/art >=20 --------------F55017405A9D9B9208775EFC Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------F55017405A9D9B9208775EFC-- --AO36SZebxzHqFuuCwdF9NWGgISddqlCmP-- --b3qZP7poFqdgO1rwluqh5E64zA1Mjz3vT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx26/YACgkQWrL68XsX K+qjOg//Q5ONCYpW5AKUrPvILKZ24dOnPabsggNGBDtjNxG/ePa06UagrdSejYqd Gucnj7mxlYs3WnwVNvTCLeKuk7M8gzTIAkNwKsBWoMvkYSS8ftNWPeNWkrsSgzzX PRdppRzAaXXpHtlwIrxkx88QS4YjuchBHLHZ9B3WhrVdaRVJS412jT+l2WnAeh6n lZt9nK+a19YAxQgeEp2hKbqw8uxGaGCuZUp4dEjBY2g+7v2eSoK27cz8n7t6d14S dQ/W8gCXq/jeJSBU6oMvAaiKOx+bfoIcbN69jxRdz+CtESBRp72YndYslJckovqs DWmSZj/+QXf1qQfXUykuIMl4knkD4MwWsQsJWvw0rVUZsTNqXMQXzG8sEzmifhnh lY8zYkFGunT/jf/NhLV2lOO6jBSMH6TualZvbACmN4XsaZiMKHHjugTXqVAYknLF frWT66kcTZdnkZrk0mLtnnme/vTKU6dLirT+oIlL0f/DCgbnqZMF3aqUXt3wMxGc 8SaBu//DlbjNijgNKZc6fur3HsLFQ3VAWB4+JgBPoGUgk3zy2avNffHtMzBiMnbb cA/JEgb9U8ZSb60527aLHLXW5eBU64SSVfGM/vnJz15MKBa5mGN6riYRbhMexw4Y bjGQ61zyKFkwfbC/lDVY767ApAhYD7k61Lc7gbIkxUXXIiSzrrM= =87H3 -----END PGP SIGNATURE----- --b3qZP7poFqdgO1rwluqh5E64zA1Mjz3vT-- From nobody Wed Feb 27 12:54:36 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D72EE130E77; Wed, 27 Feb 2019 12:54:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gbjBvBn8f83u; Wed, 27 Feb 2019 12:54:28 -0800 (PST) Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26FC013112B; Wed, 27 Feb 2019 12:54:28 -0800 (PST) Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from ) id 1gz6Di-000PTj-56; Wed, 27 Feb 2019 15:54:26 -0500 Date: Wed, 27 Feb 2019 15:54:21 -0500 From: John C Klensin To: John Levine cc: art@ietf.org, dbound@ietf.org Message-ID: <1FFA1977E97DE99C390869DA@PSB> In-Reply-To: <20190227172143.10303200F57CE0@ary.local> References: <20190227172143.10303200F57CE0@ary.local> X-Mailer: Mulberry/4.0.8 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline X-SA-Exim-Connect-IP: 198.252.137.10 X-SA-Exim-Mail-From: john-ietf@jck.com X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false Archived-At: Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 20:54:30 -0000 --On Wednesday, February 27, 2019 12:21 -0500 John Levine wrote: > In article > you write: >> If it is really only a variant, you should just DNAME it to >> the other domain ? > > I really wish people would stop saying this. There is a long > list of well known reasons that DNAME doesn't work for > aliasing 2LD variants. Because "let's throw DNAME (or a small variation) at variants" comes up so often, while I agree with John about the long list, at least one aspect of it is probably worth mentioning. It requires understanding "tree" but not any special understanding of IDNs, variants, etc. Suppose there is a relationship between two characters (fussy definitions not required) X and Y such that one would like to consider a label containing X but otherwise identical to a label containing Y as making those labels "variants" of each other (again, fussy definitions not required and this example works for things like synonyms or even translations whether one calls them "variants" or not. Now suppose we have abX.dXf.TLD and abY.dYf.TLD (or abX.ghi.dXf.TLD and abY.ghi.dYf.TLD) These cases are going to be quite common with reasonable use of such relationships if there is a predictable relationship between X and Y that depends on local habits, different languages using the same script, or the like. Whether we are talking about "variants" in the sense of RFC 3743 (the JET spec that introduced the term), look-alike characters, different spellings, or language translations, whatever principles cause a need for such a pairing to occur at the second level are also going to cause it to occur at the third level and below if the same relationships hold. The reasons why a cross-tree alias, like DNAME, between, e.g., dXf.TLD -> dYf.TLD either won't allow abY to exist and/or will cause problems with whatever it is trying to accomplish are left as an exercise, but the exercise should be very clear. So I too wish that people would stop saying this, proposing one-offs from DNAME, etc. best, john From nobody Wed Feb 27 13:04:07 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42970124408 for ; Wed, 27 Feb 2019 13:04:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.343 X-Spam-Level: X-Spam-Status: No, score=-0.343 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jothan-com.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40Q1HlnlnJgX for ; Wed, 27 Feb 2019 13:04:03 -0800 (PST) Received: from mail-ua1-x943.google.com (mail-ua1-x943.google.com [IPv6:2607:f8b0:4864:20::943]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61041124B0C for ; Wed, 27 Feb 2019 13:04:03 -0800 (PST) Received: by mail-ua1-x943.google.com with SMTP id d4so5657070uap.5 for ; Wed, 27 Feb 2019 13:04:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jothan-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VrdB0DR9ir1vYV7sSgQLBWytAHm+RlNgpQ3MdfKp1oQ=; b=wRcVBvZBN7E7ijWJR2j2FkAaNilnnZ/cz5xqgTfoJm36eASddjSzWzF1CozBjbwWtA sGeCQ3JEZ9jDcU7jGUXkPYMwZYGWzjFjEwjpgEEJ/1srpxPabBc6siwa4HeRZa/eb0oG 3m8chIsgbl4MffpM2ESoFZPgmzDQrCfD0EromvRvavT0XCacPfAYvnJfv7pN0MMT/h5Z aroktljOe7jc2OZ83t63exQweyQJh3gA6lsP8U/ykgCXX4mYdiW5sp5xnvfOXW7QrSfO DM0tO7B8Tuigp23xBrGsQdai1Skdl9nNiBkvQeybHKbzXng2fHGgbkSwwGZ/jsTqDQok AyZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VrdB0DR9ir1vYV7sSgQLBWytAHm+RlNgpQ3MdfKp1oQ=; b=k6p3Ql1/NtSe4LXrKewoIxGw7hahf5JmQgPbRrVoR7Ppsz6pnL/1rH8+NsmJ54AXoC g2lScNNVz0vL/1p/3rdq5GxpSKdnrhXLIlqvd+N/Em0Aqb52qz9NMFxK47pi628LRk5m XNh+oZNxnEHqyKVaQSpwq0YX3WG+9YNU/JcpFQdIv0DP3+MnnC10dMqkytcheOcwqtuz Yea//rY84bt0Z2abkvQm6EInLn3HMksZAw0BEP/SQWNlMdAWog9HiexF2qvns6FloMSf tWGzbeYj9c+xwwKStqPTiMwdOBmdoW+cImIC2frDIaq3RgG+vnXVnTPlWxQOpYDDATps PP9g== X-Gm-Message-State: AHQUAublNAuvtZF87si7kDuWQ6248ewNNfuhE2MBJ5a7kbA8T7rtYKh8 ANkTZ2fKCbXgCA4GPnGjl3gVUtnCjS2/cgV0j4t4F0+AcoxU5A== X-Google-Smtp-Source: AHgI3IZJhooQv+ouUerPpylayfqmk8+ILSmhFbb//VeB1ljTuHDDfQdpB4Xjk/VcB8iM8HGM/LkD1d5G3E6raS2Smeg= X-Received: by 2002:ab0:748a:: with SMTP id n10mr3381695uap.89.1551301442223; Wed, 27 Feb 2019 13:04:02 -0800 (PST) MIME-Version: 1.0 References: <20190227172143.10303200F57CE0@ary.local> In-Reply-To: <20190227172143.10303200F57CE0@ary.local> From: Jothan Frakes Date: Wed, 27 Feb 2019 13:03:24 -0800 Message-ID: To: John Levine Cc: art@ietf.org, dbound@ietf.org, paul@nohats.ca Content-Type: multipart/alternative; boundary="0000000000006758420582e6838d" Archived-At: Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 21:04:05 -0000 --0000000000006758420582e6838d Content-Type: text/plain; charset="UTF-8" I agree with John(s) on the DNAME comment - DNAME keeps being presented as the golden cure - it is not the solution one might think it could have been for variant _stuff_, though it does have some benefits Jothan On Wed, Feb 27, 2019 at 9:21 AM John Levine wrote: > In article you write: > >If it is really only a variant, you should just DNAME it to the other > domain ? > > I really wish people would stop saying this. There is a long list of > well known reasons that DNAME doesn't work for aliasing 2LD variants. > That's why .CAT used to do it but doesn't any more. > > _______________________________________________ > dbound mailing list > dbound@ietf.org > https://www.ietf.org/mailman/listinfo/dbound > --0000000000006758420582e6838d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I agree with John(s) on the DNAME comment= - DNAME keeps being presented as the golden cure - it is not the solution = one might think it could have been for variant _stuff_, though it does have= some benefits

Jothan


On Wed, Feb 27= , 2019 at 9:21 AM John Levine <johnl@= taugh.com> wrote:
In article <A59F2895-6369-4E84-A86B-C6585AB29D83@noh= ats.ca> you write:
>If it is really only a variant, you should just DNAME it to the other d= omain ?

I really wish people would stop saying this.=C2=A0 There is a long list of<= br> well known reasons that DNAME doesn't work for aliasing 2LD variants. That's why .CAT used to do it but doesn't any more.

_______________________________________________
dbound mailing list
dbound@ietf.org https://www.ietf.org/mailman/listinfo/dbound
--0000000000006758420582e6838d-- From nobody Wed Feb 27 14:19:48 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1987F131176; Wed, 27 Feb 2019 14:19:39 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=secureservernet.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ZuJmlpOxTqc; Wed, 27 Feb 2019 14:19:36 -0800 (PST) Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-eopbgr770137.outbound.protection.outlook.com [40.107.77.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82877131170; Wed, 27 Feb 2019 14:19:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=secureservernet.onmicrosoft.com; s=selector1-godaddy-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XkBvrNK7wv7LxPi5gALoK1PlGuaiIIaunTbrl4JCtqQ=; b=5q1PMALQ1aMUjkdrrsxCw6i6w0lpcYVk593WgsZ1otolBy93RmPgHtGLzTD3UO9FHktS2CdfA9rWZzQI7DjYp9BPqh/AR+AldJqCeOmodNDfGS6I8h2xfEHXI2BhoJr8QaFYeVoFbwMvK4Q60WLSQRZLUbQJOHMCOXj9zlHCtu8= Received: from BYAPR02MB5190.namprd02.prod.outlook.com (20.177.124.15) by BYAPR02MB5672.namprd02.prod.outlook.com (20.177.230.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.18; Wed, 27 Feb 2019 22:19:33 +0000 Received: from BYAPR02MB5190.namprd02.prod.outlook.com ([fe80::d4e7:ce1a:9ae0:d53]) by BYAPR02MB5190.namprd02.prod.outlook.com ([fe80::d4e7:ce1a:9ae0:d53%3]) with mapi id 15.20.1643.019; Wed, 27 Feb 2019 22:19:33 +0000 From: "Michael J. Sheldon" To: "Brotman, Alexander" , "art@ietf.org" , "dbound@ietf.org" CC: "dnsop@ietf.org" , Stephen Farrell Thread-Topic: [DNSOP] Related Domains By DNS (RDBD) Draft Thread-Index: AdTNSNgC8Q46/YWfTPCiSrkXJ1OYgQBoaqiA Date: Wed, 27 Feb 2019 22:19:33 +0000 Message-ID: References: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> In-Reply-To: <5de9ba1c3ae34edb9c7f39e0e9c3b143@PACDCEX19.cable.comcast.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [2600:8800:2800:8db:6a6e:1d88:205:32e2] x-clientproxiedby: BYAPR08CA0051.namprd08.prod.outlook.com (2603:10b6:a03:117::28) To BYAPR02MB5190.namprd02.prod.outlook.com (2603:10b6:a03:68::15) authentication-results: spf=none (sender IP is ) smtp.mailfrom=msheldon@godaddy.com; x-ms-exchange-messagesentrepresentingtype: 1 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 71997c7f-9c80-4a02-3407-08d69d01a65b x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4618075)(2017052603328)(7153060)(7193020); SRVR:BYAPR02MB5672; x-ms-traffictypediagnostic: BYAPR02MB5672: x-ms-exchange-purlcount: 2 x-microsoft-exchange-diagnostics: =?utf-8?B?MTtCWUFQUjAyTUI1NjcyOzIzOkpWZVRqcVU1MFlIT0xKNXA0MmQ1NE0wU21Z?= =?utf-8?B?ODdTdW9UNWhndzdBZVhibW1HR0tBZHc5UDN4aVBTaUVCclJqZ0tUNnVqOFZU?= =?utf-8?B?bm11Q08zSlV1dUo2cVg1WEpIaTNvR3dFNUVUUXIzOHcycTNRMDZnWWdPdW1U?= =?utf-8?B?amljZWpJZUJOT1JnSjYxbFJjZFMxdTBuTk1OVUQvNFNCdTJ2bjFGWnRzNWJD?= =?utf-8?B?M3AvR0UxRWgxUTZULzR6YXlQRHduWk9MWlRMTWdxcFN3QzdpVy9Vb0FMWEx6?= =?utf-8?B?V25DUFMrOVVhTHplTVZGTXRrTE5WcWUzVmlkcmtrdTFLOE9WemF6MjB2UURD?= =?utf-8?B?MWRXeW50eWNiSXBIUVRQWGNFT2E1MExzQ2ZxZGNHclhGdWpXSHFvWHdoUUdk?= =?utf-8?B?U3JPdHVKMm9jdlZGRC9Zc21qaHQvSW5ObFRkS2FuS3A3QUJpS1RpTytDNStE?= =?utf-8?B?LzlOcUZBeDcwclY3MEpma3VuNXV0TEJHQTQ3WEpEM015anUxTFY1aUpnRVJZ?= =?utf-8?B?cmU2d1FuaVZlR1JaVFl5ZUxORm1DaGNZOEJ3aGVKdXU4WFRoQmRaQUFTMVVG?= =?utf-8?B?aXlWQk8yN3VLNmkyU2JDUXROS3ZnNHlBVGVsd25KRm9kSHNld1NCdTR1Z1BZ?= =?utf-8?B?Nnl1V0hjL0ZUa2daejBCUVNRSUlScjdacDIvMWg5Rjl6ZWlBQVhyRFI3ZnYr?= =?utf-8?B?TnVjaEE5UHZTaWx3N0szZGVUeUtxdWEwNEp6MC9UeTlPdU9WUW0wclIvWmd0?= =?utf-8?B?T0J0U3NJMDBJODVRRzRhd3ZVNEpreGhpaGR5WXd3ZE1POU1NaUdkTVg4TVlz?= =?utf-8?B?SzdEa0hKQVl2ZnlQeDlRUUtxQS9HUkdOV21uL2VvdjhJSlpydXJ3aWVDZk1r?= =?utf-8?B?L0Z1YmJONTNKSzFuYzA5eGp0RFNIT0Y3VzY2M1V6SE9PYWE1YWl3K2xGYjZ0?= =?utf-8?B?MkFXQnJsSFdkSG1scGljdHFCb2E1QWttMU5uQVBXcUh0cDczNjBneU5LZ0JZ?= =?utf-8?B?aElmbHVoaHhkcnNTenN4NVhzSE9wT3k4cW5LTnFlQTY3Ry8xemJjYVREUmhY?= =?utf-8?B?RzlqOXpHQmNadnl6UEVXUkJuVEF4RkcxYk1YWnlERDBzWElIMGVUNnJvUzZh?= =?utf-8?B?RUJLTjNPLytPVWt1a0dkUHQ2V0hHUUV2WFlvbGlPVk51Qm5mYUhaSktqbUtp?= =?utf-8?B?Snd3NzNmU2IzVkVDd2dzMVp1Wk81WUxOeldKTko1N3p3UEtvNWQwZlkwN1Ry?= =?utf-8?B?bWZQVC9TeUN0WGh2RlFrSzg5dGpJejR1dzdmTWhqSi9jK24yRW1sM21GU2Q0?= =?utf-8?B?L25kYlR3d0NkZndyQVVCN1ZFMVJkZXc5Zkw5b2tWWjVHbzlkeEt5Y0w5d09H?= =?utf-8?B?K0d5c0wwWTNmWXVUMzdoWWhQZUtqbHhKMFM1ZWRuZ2NrNllXdktwZ0hETnVF?= =?utf-8?B?c1hCSnZmdzdkN2paNkd2ZnpNZjlnVVNEK2JkZnVHWFNWL3Z1djkzNS9mTTFD?= =?utf-8?B?b0tmOE1TOWhiOHpmVlhqdk5keVpyYkpIOFUzdWR4VWRpN3R3ZWlVZDVZSnJp?= =?utf-8?B?aWxCajNFb0Q5d3Q5eVpxYzlZejE2Z2tDM1orUWhCaXJuOFFCbkoxSy85TVF3?= =?utf-8?B?MGJUb3BXWHNWUEUvTlZnS05qR0hCQnY3TXVXUGY5RXl1bDZZL2RnQlhCb3F4?= =?utf-8?B?RkFNSWs1TFJOMTdEc3JPYTBETmo3Um01ajRPeWNuNzJSejBub05zb0JTcnY0?= =?utf-8?B?VjI3N2xwZHZzb0VEcUE3aUljQkdrSk84RUExcCtFaUNBMEJwZU15RWJ5ZWhn?= =?utf-8?Q?YaFYaRTl16jHr?= x-microsoft-antispam-prvs: x-forefront-prvs: 0961DF5286 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(39860400002)(346002)(366004)(376002)(396003)(189003)(199004)(6486002)(31686004)(6436002)(6512007)(6306002)(2906002)(99286004)(110136005)(54906003)(71200400001)(71190400001)(2616005)(4326008)(486006)(25786009)(476003)(478600001)(14444005)(316002)(296002)(256004)(11346002)(966005)(14454004)(86362001)(46003)(52116002)(305945005)(106356001)(97736004)(7736002)(36756003)(446003)(6116002)(68736007)(2201001)(105586002)(229853002)(53936002)(2501003)(386003)(6506007)(81156014)(8936002)(8676002)(81166006)(102836004)(31696002)(5660300002)(76176011)(6246003)(186003)(53546011); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR02MB5672; H:BYAPR02MB5190.namprd02.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: godaddy.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 5UGZyNP9RQSaEv8ffBec9AXJIWe3n8jAL+hoE8uLmAqG2sjh/ElGsDgRUpRWRDNwRPnfLS4lhFhL4bJnUhXaEfysV4Itub3qpc1kk4Cyg9ejCHF346ToL9Qy0+H935GyJxYusj2bk9j07HawKUq2CIinF0YsivPJhsLvFtDOLDwjLHcwHNpRRHlvvuOh3xY3IDYDL++RTSFuAtqjwuZ/fJNo4SiMx3D4YwnQNaLYYFW+WxseBWGEBj6+xeykmnVafGUGYGJbny3CHf1dz1g5LIGHRCXYsomfX5LAEprA7JfxFqVKP2NslSod8JiWYs9CYu2QMxvvZeGo3q1YBdRdGXnARdBUt7Y1QIMl0O/hG11Bbi5p5akfyOkOrdQm6TTHKK0wV8CtEHtVRXGCMtYn7JO5/ffLYkLMFE+NRlFAJ9k= Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: godaddy.com X-MS-Exchange-CrossTenant-Network-Message-Id: 71997c7f-9c80-4a02-3407-08d69d01a65b X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2019 22:19:32.8925 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-id: d5f1622b-14a3-45a6-b069-003f8dc4851f X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR02MB5672 Archived-At: Subject: Re: [dbound] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Feb 2019 22:19:39 -0000 U2VjdGlvbiAxOg0KDQpDdXJyZW50IGlzc3VlcyAjMSBzYXlzICJ1c2UgVFhUIG9yIG5ldyBSUj8g IChBVEI6IG5ldyBSUiwgYnV0IFRYVCBmb3Igbm93KSINCg0KSXMgdGhlcmUgYSBzaW5nbGUgcGVy c29uIGhlcmUgd2hvIGJlbGlldmVzIHRoaXM/IE9uY2UgaW1wbGVtZW50ZWQgYXMNClRYVCwgSSBn aXZlIHRoZSBvZGRzIG9mIHNlZWluZyBhIHNwZWNpZmljIHR5cGUgcmVjb3JkIGJlaW5nIGltcGxl bWVudGVkDQphcyBsZXNzIHRoYW4gemVyby4gUGljayBvbmUsIGRvbid0IHRlYXNlLg0KDQpTZWN0 aW9uIDI6DQoNCkkgYW0gdmVoZW1lbnRseSBhZ2FpbnN0IGFkZGluZyB5ZXQgYW5vdGhlciBsYXJn ZSBUWFQgcmVjb3JkIGF0IHRoZSBhcGV4DQpvZiB6b25lcy4gRXZlcnlib2R5IGFuZCB0aGVpciBi cm90aGVyIHdhbnRzIHRvIGphbSBzb21ldGhpbmcgdGhlcmUuIFdlDQphcmUgcG9sbHV0aW5nIHRo ZSBhcGV4IHRvIHN1Y2ggYSBwb2ludCB0aGF0IGl0IHdpbGwgbm8gbG9uZ2VyIGJlDQpwb3NzaWJs ZSB0byBhbnN3ZXIgVFhUIHF1ZXJpZXMgdmlhIFVEUCBldmVuIHdpdGggRUROUy4gSWYgeW91IE1V U1QgdXNlDQpUWFQsIHBsZWFzZSBwcmVmaXggdGhlIG5hbWUgd2l0aCBhbiBhcHBsaWNhdGlvbi1z cGVjaWZpYyB2YWx1ZS4NCg0KT24gMi8yNS8xOSAxOjM4IFBNLCBCcm90bWFuLCBBbGV4YW5kZXIg d3JvdGU6DQo+IEhlbGxvLA0KPiANCj4gU3RlcGhlbiBhbmQgSSBoYXZlIHNwZW50IGEgYml0IG9m IHRpbWUgd29ya2luZyBvbiBhIGRyYWZ0IHRvIGJlIGFibGUgdG8gc2hvdyBhIHJlbGF0aW9uc2hp cCBiZXR3ZWVuIHR3byBkb21haW5zLiAgV2UncmUgYXdhcmUgdGhpcyBzdWJqZWN0IGhhcyBiZWVu IGNvdmVyZWQgYSBmZXcgdGltZXMgcHJldmlvdXNseSwgZXNwZWNpYWxseSBpbiB0aGUgREJPVU5E IGRyYWZ0cywgYnV0IHdlJ3JlIGhvcGVmdWwgdGhhdCBhIG1vcmUgc2ltcGxlIGFwcHJvYWNoIG1p Z2h0IGJlIG1vcmUgYWNjZXB0YWJsZS4gICBUaGUgc2Vjb25kYXJ5IGRvbWFpbiB3aWxsIGNyZWF0 ZSBhIEROUyByZWNvcmQgdGhhdCBzaG93cyBhIGxpbmsgdG8gYSBwcmltYXJ5IGRvbWFpbiwgYW5k IHRoZSB0ZXh0IHNob3VsZCBiZSBhYmxlIHRvIGJlIHZhbGlkYXRlZCB1c2luZyB0aGUgcHVibGlj IGtleSBpbiBhIEROUyByZWNvcmQgdGhlIHByaW1hcnkgZG9tYWluIHNoYXJlcy4gIFRoaXMgaXMg c29tZXRoaW5nIGFraW4gdG8gREtJTSwgYSBtZWNoYW5pc20gdGhhdCB0aGUgZW1haWwgd29ybGQg dXNlcyB0byBlbnN1cmUgdGhlIGNvbnRlbnRzIG9mIGEgbWVzc2FnZSBoYXZlIG5vdCBiZWVuIHRh bXBlcmVkIHdpdGguDQo+IA0KPiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFm dC1icm90bWFuLXJkYmQvDQo+IA0KPiBXZSdsbCByZXF1ZXN0IHRoYXQgcmVwbGllcyByZWxhdGlu ZyB0byB0aGlzIGJlIHNlbnQgdG8gdGhlIGRib3VuZEBpZXRmLm9yZyBkdWUgdG8gdGhlIG5hdHVy ZSBvZiB0aGUgdG9waWMsIGJ1dCBpdCB3YXMgc3VnZ2VzdGVkIHRoYXQgd2UgbWlnaHQgd2FudCB0 byBub3RpZnkgYSBmZXcgb3RoZXIgbGlzdHMgZm9yIHRoZWlyIGF3YXJlbmVzcy4gIFRoYW5rIHlv dSBmb3IgeW91ciBwYXJ0aWNpcGF0aW9uIGFuZCBjb21tZW50cy4NCj4gDQo+IC0tDQo+IEFsZXgg QnJvdG1hbg0KPiBTci4gRW5naW5lZXIsIEFudGktQWJ1c2UgJiBNZXNzYWdpbmcgUG9saWN5DQo+ IENvbWNhc3QNCj4gDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fDQo+IEROU09QIG1haWxpbmcgbGlzdA0KPiBETlNPUEBpZXRmLm9yZw0KPiBodHRwczov L3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Ruc29wDQo+IA0KDQotLSANCk1pY2hhZWwg U2hlbGRvbg0KRGV2LUROUyBTZXJ2aWNlcw0KR29EYWRkeS5jb20NCg== From nobody Wed Feb 27 17:49:09 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DA66130EAB for ; Wed, 27 Feb 2019 17:49:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=N15S0TK2; dkim=pass (1536-bit key) header.d=taugh.com header.b=ZwMhNuuf Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MdywQp9xRKTa for ; Wed, 27 Feb 2019 17:48:58 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73FF11277D2 for ; Wed, 27 Feb 2019 17:48:58 -0800 (PST) Received: (qmail 67769 invoked from network); 28 Feb 2019 01:48:57 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=108b4.5c773e09.k1902; bh=POPyT9cIKEd2L0E9MhwnBmIXJ9/y+/bJN+Fj+RAXgSc=; b=N15S0TK2MMKvcl2KBkfE+zULcv/1Px+gjzZHr/Y2ni3J1vULAPSSqbai/mZ6DlBpO1jURf/ibxgC/OcVsnq9R9TRAkzisde54IRbJsT0JV7m2sGKGXHs655cjLC5BFSK3P3FpiqK4fpHfQrGAXrZWe86pXeG/CKsgCjrYPvsn6XuOLMmic1mGOsgECRq2Hp9ApARIcsWFKx7FTogeZVGopvuPG3WKTRJRbcL/C5Fi9aQkPZU7GBNIjtkXSIDQTNp DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=108b4.5c773e09.k1902; bh=POPyT9cIKEd2L0E9MhwnBmIXJ9/y+/bJN+Fj+RAXgSc=; b=ZwMhNuufkK4aMWpx7+NVz1q0oJuXCqnIhMCG/QcgtCDnwSPrOMxiANYS5YZT+tWT/WUseUZ4LdsZvFZMbQkDq1dJLYLWb0CUaK6shUF6eHxmBIU+w8NKCH1mfbxP6XT5t7l5vmwf5oHtlZoLElkehcG35ZGE+o8bbKlLfuo5sNtiK2qXKFzDp5GDid6a5nxkP4Wmfm/BrYkjZHc7WngRNZrEbjYgjTnP68o+yRRRsM+dRq7pcC/ykox2YQhu4vHD Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 28 Feb 2019 01:48:56 -0000 Date: 27 Feb 2019 20:48:56 -0500 Message-ID: From: "John R Levine" To: "John C Klensin" Cc: art@ietf.org, dbound@ietf.org In-Reply-To: <1FFA1977E97DE99C390869DA@PSB> References: <20190227172143.10303200F57CE0@ary.local> <1FFA1977E97DE99C390869DA@PSB> User-Agent: Alpine 2.21 (OSX 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [art] [DNSOP] not DNAME, was Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 01:49:02 -0000 On Wed, 27 Feb 2019, John C Klensin wrote: > at least one aspect of it is probably worth mentioning. It > requires understanding "tree" but not any special understanding > of IDNs, variants, etc. You don't even have to go that for. Let's say you do this: foo.com. DNAME bar.org. Then www.foo.com will be an alias for www.bar.org, but DNAMEs only affect names below themselves, so foo.com will remain undefined, and you can't put a CNAME and a DNAME on the same name. This makes it useless for what most people imagine they want to use it for. There's the additional issue that an MX with a target of a CNAME or DNAME doesn't work reliably, and the point you made that if you've got variants, you can get a very bushy tree every time a variant character appears in a label. This issue has been argued at great length with proposals like BNAME and CLONE so let's not redo it here. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly From nobody Wed Feb 27 18:03:38 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B12A8130ED7 for ; Wed, 27 Feb 2019 18:03:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=B5HqItVX; dkim=pass (1536-bit key) header.d=taugh.com header.b=fzQHZ/YR Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bv3LnM60RP7Q for ; Wed, 27 Feb 2019 18:03:35 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F21A9130ECF for ; Wed, 27 Feb 2019 18:03:34 -0800 (PST) Received: (qmail 70194 invoked from network); 28 Feb 2019 02:03:33 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:reply-to:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=11230.5c774175.k1902; bh=2f2OxB/3AD+cX0MyYgUBXX9iSAv7iAVj90ce5T0Qa/4=; b=B5HqItVX98OCOYRAtf1v79QtU1IZ7uMhWC/y1xKBGxVrrjQJvwY6JQk4ms7aMeRSc+t4YSMiL7/J/w5N4D2yPXkZrH4KNofQ0PDvPSneYeB8fxNm4c19muMIFR4Yava/Dbc9hDX4DgXUCZG3WYWmBKi9DWVdrK4L0gkCa0TEofrulpkPvjP4Q9DuJ/CxwiREJOTCaxyG5Q9pB1uIpMk7b6bkUlcBsPOBsq8myJEMWjk/Ty9DHgADZNP1SdQ1aspd DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:reply-to:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=11230.5c774175.k1902; bh=2f2OxB/3AD+cX0MyYgUBXX9iSAv7iAVj90ce5T0Qa/4=; b=fzQHZ/YR6kf/ctlixBs1XIGkIrL1N6h2r4NmFjOXu4L8IQkBoY+1RDWAHixdnul7owB4ZOb9eyNl78xhW66pBoe55hgVz9fP0D2Q/NW+GE3O7dnTlsy+3syS4knaNQeze7M3vx1ajL+/v9DgfY1Y1UOlu+QbLJ2fG/aAWGh1rCfNmSh6YI7E1R3L4DCk28mBQwa9geVqYCNyXXgOZlFleb0Cg8HG70aYmEpT49+YIhUUc/adR2lJpJV73+AD4c5P Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 28 Feb 2019 02:03:32 -0000 Received: by ary.local (Postfix, from userid 501) id D2112200F6CEC9; Wed, 27 Feb 2019 21:03:32 -0500 (EST) Date: 27 Feb 2019 21:03:32 -0500 Message-Id: <20190228020332.D2112200F6CEC9@ary.local> From: "John Levine" Reply-To: dbound@ietf.org To: art@ietf.org, dbound@ietf.org, dnsop@ietf.org Cc: stephen.farrell@cs.tcd.ie In-Reply-To: <249a56b6-7bf6-d1e3-2639-0f2d8043aa3e@cs.tcd.ie> Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 02:03:37 -0000 In article <249a56b6-7bf6-d1e3-2639-0f2d8043aa3e@cs.tcd.ie> you write: >> point back to that key, but not enough just to publish the secondaries' >> names directly. I don't get it. > >That could work, but'd mean the primary having to store >all the records and an extra lookup if even if you had the >public key cached. I believe the former could be an issue >if there are many secondaries, at least according to one >chat I had with someone involved with many domains (which >I'm not). Well, OK, if that's an issue you spread the names out like we did with VBR. If the primary is foo.com and the secondary is bar.org: bar.org._same.foo.com. SAME . ; yes, we're a primary for whatever name that was _same.bar.org. SAME foo.com. ; yes, we're secondary for foo.com. This makes it somewhat more difficult to scrape all the secondaries for a primary which may be a feature. R's, John From nobody Wed Feb 27 18:17:17 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA97412D861; Wed, 27 Feb 2019 18:17:15 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xdPKpx529MBK; Wed, 27 Feb 2019 18:17:13 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CF8F12867A; Wed, 27 Feb 2019 18:17:12 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0652CBE38; Thu, 28 Feb 2019 02:17:11 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nMwa39mSk4Tv; Thu, 28 Feb 2019 02:17:05 +0000 (GMT) Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 42DD0BE2E; Thu, 28 Feb 2019 02:17:05 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551320225; bh=iLJO6W/VnwdnWiLFwtvRdr/a7qzja/OS7IBfZ1v4wUc=; h=Subject:To:References:From:Date:In-Reply-To:From; b=UBDNpGGTzUtD71KyupAPQKXRU6oOPy3tQq7nDm/CCuqcrZlygmXcuA+9IuNadAFBK MCUNq5t6rrCcGF1a0q07dUgI6DxOs2m0IhHtK38ouvUXQAMUkMfuATtgbr0+LU0lCO siK+DRwlB+p36URWHHikfM4JRTlIiUj/MQirOKaY= To: dbound@ietf.org, John Levine , art@ietf.org, dnsop@ietf.org References: <20190228020332.D2112200F6CEC9@ary.local> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <7af62833-8ec7-df92-9241-1f8ce92b0d9a@cs.tcd.ie> Date: Thu, 28 Feb 2019 02:17:04 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: <20190228020332.D2112200F6CEC9@ary.local> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="sMv3FW3LtF0KIqRUXDWYuFZ5pAd3QLiW2" Archived-At: Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 02:17:16 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --sMv3FW3LtF0KIqRUXDWYuFZ5pAd3QLiW2 Content-Type: multipart/mixed; boundary="UYUJECyKkq4ux6B6gdTPyFvVifizikgVj"; protected-headers="v1" From: Stephen Farrell To: dbound@ietf.org, John Levine , art@ietf.org, dnsop@ietf.org Message-ID: <7af62833-8ec7-df92-9241-1f8ce92b0d9a@cs.tcd.ie> Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft References: <20190228020332.D2112200F6CEC9@ary.local> In-Reply-To: <20190228020332.D2112200F6CEC9@ary.local> --UYUJECyKkq4ux6B6gdTPyFvVifizikgVj Content-Type: multipart/mixed; boundary="------------1C526C24358E2DB43434235C" Content-Language: en-GB This is a multi-part message in MIME format. --------------1C526C24358E2DB43434235C Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hiya, On 28/02/2019 02:03, John Levine wrote: > Well, OK, if that's an issue you spread the names out like we did with > VBR. If the primary is foo.com and the secondary is bar.org: >=20 > bar.org._same.foo.com. SAME . ; yes, we're a primary for whatever name = that was >=20 > _same.bar.org. SAME foo.com. ; yes, we're secondary for foo.com. >=20 > This makes it somewhat more difficult to scrape all the secondaries > for a primary which may be a feature. Yep, that could work. I still prefer the design in our -00 though (sorry:-) as in your scheme here foo.com's zone will have to change with every change in a linkage whereas in the -00 design, changes are only needed in each of the bar.org zones that actually do change. (I think the counter to that might relate to difficulty in synchronising changes to keys/selectors in our -00 design which can have unexpected effects as we saw in the case of DKIM and a particular mail corpus leak in 2016;-). To be clear: for my purposes I'd be ok with various of the designs we've been discussing - even if I think some are better than others, they're nearly equally ok. I think the main thing is to try keep it simple (as you've been doing) and to try find out if people might publish such values (absent which, there's no much point in publishing an RFC). Cheers, S. --------------1C526C24358E2DB43434235C Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------1C526C24358E2DB43434235C-- --UYUJECyKkq4ux6B6gdTPyFvVifizikgVj-- --sMv3FW3LtF0KIqRUXDWYuFZ5pAd3QLiW2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx3RKAACgkQWrL68XsX K+pvjg//eiCh+zZV/Q+GvCeoLP3/v7lk3NJ2RQV3LLt5QYgKJpGJ7zWydE/nVEV8 nMNcArsFgqvtvG5hu339xVtI0UcVEOpm+Cok2xeMziJe0uCsmCrYGD46SMRG68Cx 6NgMMuGc3yr8gIoOhy20+9xPuCC8WbS3ypxGrHDKYFgXQn2r6QR8C1hnK4/Mvpe0 23ITVl7wzafoHtKyO58CFAdY4AcKyoLO5n2J5YUkvfbwslA/4OONlAAtH9Bwq60P cxgmoq5RAnjku7wSUlgjTfbQGIJYlbQ2uV4e7s00fUlw6WS8PIEbX2+XtnkuD2z/ kDyWC1PRbEw8e7rSVBnnM77D4sdxodYGUAYXCJs3zP9hJYXgCZ2Pkq/NgdG+J4Mh q2vLru3nBy1y0Tpg6w190x8GO6sW8VGyVYivib9zZRnoWQseSNHbTVBAwkKKAYbp dRuNMSB59hVphBQwPuJqodoE1qxuuuMzsQlK11G3tZz7SEcHVZVnTeHC7XxDEFh9 212cGIk1o0zDBN3JfLQBZtite4u8nfwBmQmpmw9Z/UFwOfRA0ks+rm1yCvQno1gI dNnsUVhbkNAWHPn7P09pjNbJbT79H5gm00TshHaLMkK5hrCqtWN/5ok/nJQplzym PPuUbTQlHkOy1IG5IHDUfKBxOucoukS/N/i/4GHAgDpPFeeB2dY= =OOkO -----END PGP SIGNATURE----- --sMv3FW3LtF0KIqRUXDWYuFZ5pAd3QLiW2-- From nobody Wed Feb 27 18:26:14 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1F9012D861 for ; Wed, 27 Feb 2019 18:26:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=emMCvgpa; dkim=pass (1536-bit key) header.d=taugh.com header.b=e+3HvQXz Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e6gpjF-nt-CC for ; Wed, 27 Feb 2019 18:26:05 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7AD7130ED7 for ; Wed, 27 Feb 2019 18:26:04 -0800 (PST) Received: (qmail 77842 invoked from network); 28 Feb 2019 02:26:02 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:reply-to:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=13010.5c7746ba.k1902; bh=Wxb+hi/5EMyLFyUCETSfRwCTOLBNlQBTbflQPi1EI+o=; b=emMCvgpaOSescRVqB9Ao9w/lhZBFh05qn0Rdsovxtt7LyKkd28WBSfCKXO8dVYMIosDzRRRMMwl/pwpDwF2VUdajOCWvNqGi4EORhzD7/xkN++qnIFblN5H9BYVU8xE01/iVb/U5ueKFoTBKcUJUp7UGZO8vgG29IXyWxJRZ+i2yk15cPnxfMzqohPReUGIhX4500JYVlxD+xqqF+59hGtfIBIR7jvLofjXhgqm4dOKRgJeNvnUB1JeQYf0QyaQn DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:reply-to:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=13010.5c7746ba.k1902; bh=Wxb+hi/5EMyLFyUCETSfRwCTOLBNlQBTbflQPi1EI+o=; b=e+3HvQXzbC6+OzrHGujW9T0rnpjVQxsocUg/SOT+2TmLVpABzYVOzICJfSL4E87/f1evIuSo7QJ85G1i4qtfsWjJHlZoxEqIF+5zeCuEAuQddt3TqnFLys618YYYC1MntimHeOgEirq3iPFNAam6Ohf7gGvFzQTbelInDN+PXTAVtSkcv/Nko/0egOk0Ualut8Sz9cfcWelvIiZdU3+C/4RLK7LxBGtPbVFxQsHVDiDPxJ6vQKEfVgt0T5jxNLWh Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 28 Feb 2019 02:26:02 -0000 Date: 27 Feb 2019 21:26:01 -0500 Message-ID: From: "John R Levine" Reply-To: dbound@ietf.org To: "Stephen Farrell" Cc: dbound@ietf.org, art@ietf.org, dnsop@ietf.org In-Reply-To: <7af62833-8ec7-df92-9241-1f8ce92b0d9a@cs.tcd.ie> References: <20190228020332.D2112200F6CEC9@ary.local> <7af62833-8ec7-df92-9241-1f8ce92b0d9a@cs.tcd.ie> User-Agent: Alpine 2.21 (OSX 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Archived-At: Subject: Re: [dbound] [art] [DNSOP] Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 02:26:08 -0000 On Thu, 28 Feb 2019, Stephen Farrell wrote: >> bar.org._same.foo.com. SAME . ; yes, we're a primary for whatever name that was >> _same.bar.org. SAME foo.com. ; yes, we're secondary for foo.com. > Yep, that could work. I still prefer the design in our > -00 though (sorry:-) as in your scheme here foo.com's zone > will have to change with every change in a linkage whereas > in the -00 design, changes are only needed in each of the > bar.org zones that actually do change. (I think the counter > to that might relate to difficulty in synchronising changes > to keys/selectors in our -00 design which can have unexpected > effects as we saw in the case of DKIM and a particular mail > corpus leak in 2016;-). Sure, but pick your poison. With your scheme you need a mutant DKIM signer at the primary and a way to send the result to the secondary. With mine, you just add a record. I realize that one or the other may be easier depending on where an organization's processes are broken but it's not obvious to me that the more complex design has an easier process. Regards, John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly From nobody Wed Feb 27 19:52:24 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75E1E130DC4; Wed, 27 Feb 2019 19:52:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hvTYCFnITY5z; Wed, 27 Feb 2019 19:52:21 -0800 (PST) Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA5D312F18C; Wed, 27 Feb 2019 19:52:20 -0800 (PST) Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from ) id 1gzCk7-0000sy-0y; Wed, 27 Feb 2019 22:52:19 -0500 Date: Wed, 27 Feb 2019 22:52:13 -0500 From: John C Klensin To: John R Levine cc: art@ietf.org, dbound@ietf.org Message-ID: <49A2FC767B5A7146F39456B9@PSB> In-Reply-To: References: <20190227172143.10303200F57CE0@ary.local> <1FFA1977E97DE99C390869DA@PSB> X-Mailer: Mulberry/4.0.8 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline X-SA-Exim-Connect-IP: 198.252.137.10 X-SA-Exim-Mail-From: john-ietf@jck.com X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false Archived-At: Subject: Re: [dbound] [art] [DNSOP] not DNAME, was Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 03:52:23 -0000 --On Wednesday, February 27, 2019 20:48 -0500 John R Levine wrote: > On Wed, 27 Feb 2019, John C Klensin wrote: >> at least one aspect of it is probably worth mentioning. It >> requires understanding "tree" but not any special >> understanding of IDNs, variants, etc. > > You don't even have to go that for. Actually, you are identifying cases I was deliberately avoiding, precisely because fixes have been proposed that might almost work but that still don't solve, or allow solutions for, the tree problem. > Let's say you do this: > > foo.com. DNAME bar.org. > > Then www.foo.com will be an alias for www.bar.org, but DNAMEs > only affect names below themselves, so foo.com will remain > undefined, and you can't put a CNAME and a DNAME on the same > name. This makes it useless for what most people imagine they > want to use it for. Yes. > There's the additional issue that an MX with a target of a > CNAME or DNAME doesn't work reliably, "doesn't work reliably" may or may not be a synonym for "is explicitly prohibited by SMTP" but the latter is true is any event. > and the point you made > that if you've got variants, you can get a very bushy tree > every time a variant character appears in a label. Yep. And that raises several other issues with this proposal, all of which I was trying to avoid because they are (i) more complicated and (ii) involve more or less subtle DNS issues. > This issue has been argued at great length with proposals like > BNAME and CLONE so let's not redo it here. Indeed. john From nobody Thu Feb 28 00:46:55 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83E55130E70 for ; Thu, 28 Feb 2019 00:46:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yitter.info header.b=H9HviJj8; dkim=pass (1024-bit key) header.d=yitter.info header.b=E/QmHEYO Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jt0ZrlLDEGWz for ; Thu, 28 Feb 2019 00:46:53 -0800 (PST) Received: from mx4.yitter.info (mx4.yitter.info [159.203.56.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17BF0130E6C for ; Thu, 28 Feb 2019 00:46:52 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mx4.yitter.info (Postfix) with ESMTP id 0A884BCBCC for ; Thu, 28 Feb 2019 08:46:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1551343612; bh=HhLAR+eqlLCZJ0B4R1eBrkCrBoAWB2DGLQlvXW9ZR4o=; h=Date:From:To:Subject:From; b=H9HviJj8gdA307ctyqRTu4uv26czckmn1WA5XxAZdwXc+jATrDjKNvMbZnfyPUmE8 iL8g7EOyYurJGglSQ2DqyEKUEz5Gf+DzGm+14XVMXB19VJzzb6O/+gnll7lRLi26tA swb8S0slgXA0jm0pBb8ePb11kcQ6NCaJa3tdWUM4= X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca Received: from mx4.yitter.info ([127.0.0.1]) by localhost (mx4.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gwTZDNbo473O for ; Thu, 28 Feb 2019 08:46:50 +0000 (UTC) Date: Thu, 28 Feb 2019 03:46:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1551343610; bh=HhLAR+eqlLCZJ0B4R1eBrkCrBoAWB2DGLQlvXW9ZR4o=; h=Date:From:To:Subject:From; b=E/QmHEYOIocDsGOub16i9Nlzs9wAWz8WAlWjBV9Dv8H/7wv6GYOzN38kLs8RnF7J/ Ql5LT9Q0mmg/nWk+noiHpBgoLQ6FWDyJHE4VilUdREt/yUkDok8uz5QyLZ9v+asfBS MYkOMgUCSfggvzxIqWRtmvSEBgniI4xGCfscBJE8= From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Archived-At: Subject: [dbound] draft-brotman-rdbd? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 08:46:54 -0000 Is draft-brotman-rdbd being discussed here or elsewhere? I have some observations. A -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Thu Feb 28 01:00:52 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A523130E7D for ; Thu, 28 Feb 2019 01:00:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vm-QGcRfP4NY for ; Thu, 28 Feb 2019 01:00:49 -0800 (PST) Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id 3A11D130E74 for ; Thu, 28 Feb 2019 01:00:45 -0800 (PST) Received: from healthyao-PC (unknown [218.241.103.187]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0BJdq3gondcFCcqAA--.25673S2; Thu, 28 Feb 2019 16:59:12 +0800 (CST) Date: Thu, 28 Feb 2019 16:59:10 +0800 From: "Jiankang Yao" To: "Andrew Sullivan" , dbound Reply-To: yaojk References: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> X-Priority: 3 X-Has-Attach: no X-Mailer: Foxmail 7.0.1.92[cn] Mime-Version: 1.0 Message-ID: <2019022816590111413561@cnnic.cn> Content-Type: multipart/alternative; boundary="----=_001_NextPart720641061822_=----" X-CM-TRANSID: AQAAf0BJdq3gondcFCcqAA--.25673S2 X-Coremail-Antispam: 1UD129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UjIYCTnIWjp_UUUYL7k0a2IF6FyUM7kC6x804xWl14x267AK xVWUJVW8JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0rVWrJVCq3wAFIxvE14AKwVWUJVWUGw A2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK021l84ACjcxK6xIIjxv20xvE14v26ryj 6F1UM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26r4j6F4UM28EF7xvwVC2z280aVAFwI0_Gc CE3s1l84ACjcxK6I8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcVAq07x20xvEncxI r21l5I8CrVCF0I0E4I0vr24lYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r 1j6r4UMcvjeVCFs4IE7xkEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwACY4xI67k04243AVAK zVAKj4xxM4xvF2IEb7IF0Fy26I8I3I1lc2xSY4AK67AK6r43MxAIw28IcxkI7VAKI48JMx C20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_JrI_JrWlx2IqxVCjr7xvwVAF wI0_JrI_JrWlx4CE17CEb7AF67AKxVWUXVWUAwCIc40Y0x0EwIxGrwCI42IY6xIIjxv20x vE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxVWUJVW8JwCI42IY6xAIw20EY4v2 0xvaj40_WFyUJVCq3wCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14 v26r1j6r4UMVCEFcxC0VAYjxAxZFUvcSsGvfC2KfnxnUUI43ZEXa7IU8_b15UUUUU== X-CM-SenderInfo: x1dryyw6fq0xffof0/ Archived-At: Subject: Re: [dbound] draft-brotman-rdbd? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 09:00:52 -0000 This is a multi-part message in MIME format. ------=_001_NextPart720641061822_=---- Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: base64 DQpNYXliZSBoZXJlLiBJcyBpdCB0aW1lIHRvIHdha2UgdXAgdGhpcyBXRz8NCg0KDQoNCg0KDQpK aWFua2FuZyBZYW8NCg0KRnJvbTogQW5kcmV3IFN1bGxpdmFuDQpEYXRlOiAyMDE5LTAyLTI4IDE2 OjQ2DQpUbzogZGJvdW5kDQpTdWJqZWN0OiBbZGJvdW5kXSBkcmFmdC1icm90bWFuLXJkYmQ/DQpJ cyBkcmFmdC1icm90bWFuLXJkYmQgYmVpbmcgZGlzY3Vzc2VkIGhlcmUgb3IgZWxzZXdoZXJlPyAg SSBoYXZlIHNvbWUNCm9ic2VydmF0aW9ucy4NCg0KQQ0KDQoNCi0tIA0KQW5kcmV3IFN1bGxpdmFu DQphanNAYW52aWx3YWxydXNkZW4uY29tDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fDQpkYm91bmQgbWFpbGluZyBsaXN0DQpkYm91bmRAaWV0Zi5vcmcN Cmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vZGJvdW5k ------=_001_NextPart720641061822_=---- Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: quoted-printable
 
Maybe here. Is it time to wake up this WG?
 
 
Jiankang Yao
 
Date: 2019-02-28 16:46
To: dbound
Subject: [dbound] draft-brotman-rdbd?
Is draft-brotman-rdbd being discussed here o= r elsewhere?  I have some
observations.
 
A
 
 
-- 
Andrew Sullivan
ajs@anvilwalrusden.com
 
_______________________________________________
dbound mailing list
dbound@ietf.org
https://www.ietf.org/mailman/listinfo/dbound
------=_001_NextPart720641061822_=------ From nobody Thu Feb 28 02:05:23 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 020CE130EBA for ; Thu, 28 Feb 2019 02:05:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fhnb6kbat1hl for ; Thu, 28 Feb 2019 02:05:18 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 604A5130E9F for ; Thu, 28 Feb 2019 02:05:17 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9DE15BE39; Thu, 28 Feb 2019 10:05:15 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D-g7ghveCsm1; Thu, 28 Feb 2019 10:05:15 +0000 (GMT) Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 65856BE2E; Thu, 28 Feb 2019 10:05:15 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551348315; bh=XiEaIkQGyYqqcTMa2QqsVu6U1GnbvvohdAPjNQuf8ok=; h=Subject:To:References:From:Date:In-Reply-To:From; b=lL8JxZxiXpUf3i5nnTbODgMiKPDO4PDbejqXUdExXDuIdvoK9bnXk24fqJYSEp3km TUYYDxfzTeKTqu+epAhbWXwqOsYE5UqBW4wQI/BwMWpzIrr0lj86KgVL+DylPq/0Gf k1XUPXdcMic9+rtwdJrElop9GYr3BlH7zfkwKDX8= To: Andrew Sullivan , dbound@ietf.org References: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <017fb3da-3b0d-f24b-5d5a-f494dcd339a4@cs.tcd.ie> Date: Thu, 28 Feb 2019 10:05:08 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qf26QziluTXNkU7TavKcK4ceASCpB2XL8" Archived-At: Subject: Re: [dbound] draft-brotman-rdbd? X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 10:05:21 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --qf26QziluTXNkU7TavKcK4ceASCpB2XL8 Content-Type: multipart/mixed; boundary="ce7gFjszCtJeEZMiYWjusMrSh62RZOMER"; protected-headers="v1" From: Stephen Farrell To: Andrew Sullivan , dbound@ietf.org Message-ID: <017fb3da-3b0d-f24b-5d5a-f494dcd339a4@cs.tcd.ie> Subject: Re: [dbound] draft-brotman-rdbd? References: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> In-Reply-To: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> --ce7gFjszCtJeEZMiYWjusMrSh62RZOMER Content-Type: multipart/mixed; boundary="------------4222E44AE71E8DC5ED9A2A34" Content-Language: en-GB This is a multi-part message in MIME format. --------------4222E44AE71E8DC5ED9A2A34 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Andrew, On 28/02/2019 08:46, Andrew Sullivan wrote: > Is draft-brotman-rdbd being discussed here or elsewhere? =20 I think Barry Leiba suggested to Alex to use this list, which works I guess. > I have some > observations. Great, looking forward to that. Thanks, S. >=20 > A >=20 >=20 --------------4222E44AE71E8DC5ED9A2A34 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------4222E44AE71E8DC5ED9A2A34-- --ce7gFjszCtJeEZMiYWjusMrSh62RZOMER-- --qf26QziluTXNkU7TavKcK4ceASCpB2XL8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx3slQACgkQWrL68XsX K+pzThAAur9K4LLx8fSyy4tcoIU8p4LX4LgxtTUEfHwMcueslxIcVbHZmOg10zc6 XCPWjTZLCqA8nG6wmbJabD8sh8PVki9lRlTF0WjllAkmuHv8qRrk/PIqI9dh0hwv aIBoamQYsAkhI6I4MRI7ZFWvT7C+EWhyjGkpWJVkS8qVmpoabKPE5mKBUa6yd1+n WEIaXPOzJlZxg9p/imM9cl53WhmgBdnwU+GlsRTTyYIxX/PggHKjOUz2w3/6gb8h lSEQSzXvHcw6IuChosKGXkeUDd0geNA41sAAyYhX9g30CWG60IVib1o8MrdSRSIG wZQgr89ce2j5QWkm5cilxmJ387qPDuIRGemq77kN2gNibqbzkgaIkJJ+OW6isluz 7sjuspeUvGA1au2ovkhbWno4RyE7jek+lWQoYd8fCs9wqZxVeJZ5EQBanR6jGAlb 9ysYdvH9/IWNrYliheG911SPRlg63R0S3ZI/0tnJNh7AZ6IXGSe/CDEP1AOIAyKK TeAIdEtjMx+95id3+gVWCe0tqboHlybfe8J+CaJsI27UApXH+mJ0srrOrItKarD/ juLZP8//BlFvKVE1cWe5S08LKLiQ5xMnpuZNjHqIvYP1FsxZQ0Ej/ShMvqF+VJ2e E4KzKAS7BvJ2JHC3EPeTNY61m99nbK8o7/xoj53Nwr7lHmsDGWI= =sBtX -----END PGP SIGNATURE----- --qf26QziluTXNkU7TavKcK4ceASCpB2XL8-- From nobody Thu Feb 28 02:59:13 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1E0512D4E8 for ; Thu, 28 Feb 2019 02:59:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yitter.info header.b=JF2aQVM0; dkim=pass (1024-bit key) header.d=yitter.info header.b=P4F5nccb Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MfawZJFeBBLo for ; Thu, 28 Feb 2019 02:59:09 -0800 (PST) Received: from mx4.yitter.info (mx4.yitter.info [159.203.56.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5984128BCC for ; Thu, 28 Feb 2019 02:59:09 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mx4.yitter.info (Postfix) with ESMTP id 88767BCBCC for ; Thu, 28 Feb 2019 10:59:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1551351548; bh=fx3OkYkyz6HFyZcOBU2csI74KZuNsGnY0ij+cay85ao=; h=Date:From:To:Subject:References:In-Reply-To:From; b=JF2aQVM0ADhrsS9jYU9X8w/loE2Eo8zRBWqNM9qqzkXdOnsiE8+HabNEl+HlPRd6Y GAAyEnoBzr0jGXxDzA8muAhRLuRDrm3YHErxUYpPIjxsgYRmE+OZKf19R6d/jvwMwG UzmpJ334n7OSJwTxB45V1sFQbNu4FD6fZlNKvIzI= X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca Received: from mx4.yitter.info ([127.0.0.1]) by localhost (mx4.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZ1PyBTW_977 for ; Thu, 28 Feb 2019 10:59:07 +0000 (UTC) Date: Thu, 28 Feb 2019 05:59:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1551351547; bh=fx3OkYkyz6HFyZcOBU2csI74KZuNsGnY0ij+cay85ao=; h=Date:From:To:Subject:References:In-Reply-To:From; b=P4F5nccb5dlckHzQFVlokMgYnUzqWd7mQPb5Qb31XnwQs+UO8cP76CW0IAjm35i+a EgWTAicsWSl5boG8SXCMjhkeArNnfdV215VRbrseRINPSNxAXVsOpFlGD8oHmqgYua d1Q5UTe+7k3zJEo2KdCTiJCVs+xJwS2FO+kfik4A= From: Andrew Sullivan To: dbound@ietf.org Message-ID: <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> References: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> Archived-At: Subject: Re: [dbound] draft-brotman-rdbd X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 10:59:12 -0000 Hi, Since this is the place, I read draft-brotman-rdbd-00 and have a few observations. I'm slightly concerned at the way this is being conceived, because I think it has a conceptual separation in it that is troublesome. It's found here: RDBD is intended to demonstrate a relationship between registered domains, not individual hostnames. That is to say that the relationship should exist between "example.com" and "dept- example.com", not "foo.example.com" and "bar.dept-example.com". The problem, of course, is that foo.example.com, bar.dept-example.com, and really.long.set.of.labels.example.com are all _perfectly good_ domains. Now, maybe what the above intends to communicate is that RDBD is intended to demonstrate a relationship between the owner name at an apex and all the subsidiary names in that zone (i.e. up until any subordinate zone cut), and the owner name at an apex and all the subsidiary names in _that_ zone. Alternatively, maybe what the above intends to communicate is that RDBD is intended to demonstrate a relationship between owner names immediately below a so-called public suffix. I can imagine use cases for either, though I am not sure they're as general purpose as people might think. I am more than a little worried about the parent/secondary split. (Also, both of these are already well-used terms in the DNS, so I really strongly urge some other terms. We have enough trouble with overloading DNS terms without doing so with two of the most frequently used terms in DNS operations, particularly when this mixes terms from delegation and from zone transfers.) It isn't clear to me, from the discussion, that it is obviously true in most of the use cases people have that one of the domains people want to talk about is "the main one". More importantly, it is quite likely that someone trying to query this will have a different idea about which is "main" than the domain operator, so if this isn't a fully bidirectional operation (which it's not in -00) there could easily be problems in use. (This is part of why SOPA was proposed to be two-way.) If you're going to do this with TXT records, then you definitely need an underscore label, or the apex name is going to be a mess. But that will mean that this won't work for DNAME. That consideration is part of why SOPA defined a new RRTYPE and put the RR at the name that was supposed to be related. I hope these comments are useful. I have limited cycles to spend on IETF stuff these days, but this was always a topic close to my heart (and I'm super annoyed the DBOUND WG failed), so I'll try to keep up. A -- Andrew Sullivan ajs@anvilwalrusden.com From nobody Thu Feb 28 03:52:54 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04A90130E9C for ; Thu, 28 Feb 2019 03:52:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.3 X-Spam-Level: X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rLXtlU2Kg0Ep for ; Thu, 28 Feb 2019 03:52:49 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3928130E89 for ; Thu, 28 Feb 2019 03:52:48 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CDC77BE39; Thu, 28 Feb 2019 11:52:45 +0000 (GMT) Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3-ouFC4MjloG; Thu, 28 Feb 2019 11:52:45 +0000 (GMT) Received: from [134.226.36.93] (unknown [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 80A54BE2C; Thu, 28 Feb 2019 11:52:45 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1551354765; bh=qR6i2p9h5B/14ektamv9IMv5wuaShxCH+NBiq7e9QEc=; h=To:References:From:Subject:Date:In-Reply-To:From; b=kUbOtqrfL13BMd9Jc2zeFGW1h7LTnS4LOVyaZj59EVsiac/5eaIvdL0DGSwr92wEj mpOSaWDKtSFz2gY+KS252d7CQLO5e0oWs3MCyCkXxuoz+GkR9WuaxnVXXGoHW6MXD8 XSMJEFEcl3nhKkE66lbKiLU95yWbVz0FGhLxNvTs= To: Andrew Sullivan , dbound@ietf.org References: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> From: Stephen Farrell Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url= Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: Date: Thu, 28 Feb 2019 11:52:43 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 MIME-Version: 1.0 In-Reply-To: <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="9yqaooCyhSEOWiTHv3hOgRegxVcLUL1rb" Archived-At: Subject: Re: [dbound] draft-brotman-rdbd X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 11:52:53 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --9yqaooCyhSEOWiTHv3hOgRegxVcLUL1rb Content-Type: multipart/mixed; boundary="lJCzyVjRsqQ6Sr89gZx99Vy8LDYaef4W1"; protected-headers="v1" From: Stephen Farrell To: Andrew Sullivan , dbound@ietf.org Message-ID: Subject: Re: [dbound] draft-brotman-rdbd References: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> In-Reply-To: <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> --lJCzyVjRsqQ6Sr89gZx99Vy8LDYaef4W1 Content-Type: multipart/mixed; boundary="------------516AE983BBBA199CBED446F2" Content-Language: en-GB This is a multi-part message in MIME format. --------------516AE983BBBA199CBED446F2 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hiya, Thanks for the good comments. On 28/02/2019 10:59, Andrew Sullivan wrote: > Hi, >=20 > Since this is the place, I read draft-brotman-rdbd-00 and have a few > observations. >=20 > I'm slightly concerned at the way this is being conceived, because I > think it has a conceptual separation in it that is troublesome. It's > found here: >=20 > RDBD is intended to demonstrate a relationship between registered > domains, not individual hostnames. That is to say that the > relationship should exist between "example.com" and "dept- > example.com", not "foo.example.com" and "bar.dept-example.com". >=20 > The problem, of course, is that foo.example.com, bar.dept-example.com, > and really.long.set.of.labels.example.com are all _perfectly good_ > domains. Now, maybe what the above intends to communicate is that > RDBD is intended to demonstrate a relationship between the owner name > at an apex and all the subsidiary names in that zone (i.e. up until > any subordinate zone cut), and the owner name at an apex and all the > subsidiary names in _that_ zone. Alternatively, maybe what the above > intends to communicate is that RDBD is intended to demonstrate a > relationship between owner names immediately below a so-called public > suffix. I can imagine use cases for either, though I am not sure > they're as general purpose as people might think. I think that's Alex's text so I'll leave it to him to explain:-) From my POV though, see my answer to Paul Wouters on the (lack of;-) semantics here. (That was on a different list but is at [1].) Not sure if that'll clarify or muddy the waters though, so it may be easier to chat about this f2f in Prague if we get a chance. [1] https://mailarchive.ietf.org/arch/msg/art/DaqhhnrNRSrIePbQTWDLCDua= w6k > I am more than a little worried about the parent/secondary split. > (Also, both of these are already well-used terms in the DNS, so I > really strongly urge some other terms. We have enough trouble with > overloading DNS terms without doing so with two of the most frequently > used terms in DNS operations, particularly when this mixes terms from > delegation and from zone transfers.) =20 Fair point. Better terms welcome. If we don't get handed some, we'll try invent a couple. I've noted this and a couple of other issues raised in the editor's version on github. [2] (And btw, if there're other things from these mail threads I ought note there, anyone can just ping me to add such.) [2] https://github.com/abrotman/related-domains-by-dns/blob/master/rdbd.txt > It isn't clear to me, from the > discussion, that it is obviously true in most of the use cases people > have that one of the domains people want to talk about is "the main > one". More importantly, it is quite likely that someone trying to > query this will have a different idea about which is "main" than the > domain operator, so if this isn't a fully bidirectional operation > (which it's not in -00) there could easily be problems in use. (This > is part of why SOPA was proposed to be two-way.) But if this stays unidirectional, one could always do the trick twice I think. So I'm not sure I get why that'd be a problem? (Assuming the syntax continues to allow that.) I'm also not sure if always-being-bidirectional is the right design myself, (see above wrt lack of semantics) but if it were and didn't add a lot of complexity, I'd be ok with it. > If you're going to do this with TXT records, then you definitely need > an underscore label, or the apex name is going to be a mess. But that > will mean that this won't work for DNAME. That consideration is part > of why SOPA defined a new RRTYPE and put the RR at the name that was > supposed to be related. Yep, fair enough. Personally I think a new RRTYPE is fine and will get a couple of issues off the table so is likely the right thing to do. I think Alex is also ok with that, in which case, we'll see about whacking out a -01 along those lines before the I-D cutoff. (And if not, we'll continue to be rightly beaten up for yet more abuse of TXT:-) > I hope these comments are useful. I have limited cycles to spend on > IETF stuff these days, but this was always a topic close to my heart > (and I'm super annoyed the DBOUND WG failed), so I'll try to keep up. Excellent! Cheers, S. >=20 > A >=20 --------------516AE983BBBA199CBED446F2 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5tDJTdGVwaGVuIEZhcnJlbGwgKDIwMTcp IDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJCZQmAAUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1yw aps8HGUNhLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG +48od+Xn7qg6LT7GrHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXk kTFaSGYJj3yIP4R6IgwBYGMzDXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRr pZtXB1XQc23ZZmrlTkl2HaThL6w3YKdiTi1NbuMeOxZqtXcUshII45sANm4HuWNT iRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS3MmGgVS4ZoX8+VaPGpXdQVFy BMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml3OEuIQiP2ehRt/HV LMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi2/Jrsz6M zh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6 TzKjGjruq8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxIkBHAQQAQgABgUCWj1SoAAK CRAvPIc2gF+NovMcCACVZPo1cQa3D+vWaIo0ZyinO/MgtD2gHysoj1T0Qvq05//L ZXmhh578bJANvdl2g/HFhhwl/5HKIfWcyipQhmJklp/dsleKcNnn4B18T75RHY0G +po3ILq7evbiOjUH+xqApti1aCxi1GocsPghaLfsxmtXKMG4Xu7XhDTv66GOrqZf Y7+0ekJjD9Dza1t5NE/JR/VZA4B8PWR8Glb0+8C9rkjD0VZ5ekJdHPDGcJmFh8Z+ q25LDoI8Fgt1uKSowvoVnsQO5MFv/y6bXArtj1uB4hAL4JiOFgHlFdrW0MlFpvYm ziW4K9JHTD8KAfDbrb3e2W97ZDpROuYfE/lTbYOWiQI9BBMBCAAnBQJaPVAyAhsD BQkJlCYABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEFqy+vF7Fyvq0mkP/ius gsf6Z4/Tu+vHzBbl5i6oKI8ZieH8JfEgXx4ut9t7l3hBGC2r7DpR5A8zLMpEhGIK gFcHagksFkfLEE/FmWDfd1MysQafxBYrHaI27P2tkxfI5JYV6247TV39pQ93kGds tsjIrmh/zEJCVczoofxtz72BDt51H2Z8tN28F/YVHnbaGDwFEEzWKYpze87y/f36 ogcdGO6LDEEEIA6Ee0dGxleuKlLS4UDTt0zjo6L8TyiyPHp9C3+UfnP8837Zp3Fh KstIBd+vWgPdHFg2G5aDIYUvrj9UJBvVgaN/RnkwE+dab2OBSg5jkr141JLQvzdZ 4mOUXn5D9Y6AH6tvj0+ubYMV6j35L1/ZXncuXPVYiylcmDp/6f2WYcT3gx9CPUYA cLMjQV4vX2W8z4uEPyMlIJuGsLf7KhvLL8BQ6zlncT6eONfUUX9UJUCzqI5rqL5c b5jWGHeKvbLWRyQnlq5PXQxJTwYRm71rJTgzejc33LE6Nqg/Q25Dgwwsv+f+7i73 gB5loc80Fef+FV9VFGalFe0Yq8m0UASmkYRh7MH5ssoibpeWk+SGfBjOV4tnsAwR yjYLpAzxA8HeDcmlLeypGEDmsQ/iUvXoGaKOYX4Ieg8T/PCAplsqnJUOq8hbkgOC 98gLZfiltkNG8YhQpoZIHj6SxmBRSc3K99CvanuOiQIzBBABCAAdFiEEfhcKBFyE z0YOK3mgEO952f2DUxIFAlu3JJsACgkQEO952f2DUxJ4qRAAmbjiO3WTAeBCB4ME p2N2+XQCMTTFURDGuJnqU/+X//fhhPRq4V/OxgisKFKlBcAS2hsECvg6HDVSz4Fl 74fk/y+botG4/CjMLdKPB9fgh5zz72i3q0hWDixt50NKBv8IIVWOyYgZxDU/vcks lMEnqbFgJX+CfdALpvAM4WjuQP0UMcKNE3xd+EdDhD1xjK3Tq4XfWob9q6aBZgL2 B4IaADCIeDDE1hv0agnSJmMJE7Bti8tNxCCxVRbZtOaxVHXdRUoOx2XTaxFXupxV hbpHRrdFrwq51f6e3bkfkNEZ3fzYpnlbynJ2zL++JO8P3Pq/S6UKEFjEB50i8YgK WuFvGUsQ+YiDgiZU4saqxSBWbfYn3lY6MSSTg8RnXbFIMG3CFImqYk1uhaV+bDjc p0htjzM2F98g7c3o7sWx0bGarId4uhOmpj7JJVQ+lu7Jby6Ocj8n//7qF1Nn11Cw QlCVaeAq5Y5DmZrnww9I3zzOWWyqFkAVCM3GqeRLMvplD6/+O+5FF7XoHzQB47nk OyZtawy/9gssPWZKLv4qHLYS0wGGCiNbCsYy90s3pfeafM0kSxxjIvEz21KT6LJI /awu2ErQFWCkDMFJ1p/97MjPrQ/6d4cPO140V/wyfuWaBiTVqa9mgnb2zn6fYfDH JEvl1UzIx3JCae25tty1+qtnS0i0LlN0ZXBoZW4gRmFycmVsbCA8c3RlcGhlbkB0 b2xlcmFudG5ldHdvcmtzLmNvbT6JAj0EEwEIACcFAlo9UVoCGwMFCQmUJgAFCwkI BwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+o7HBAAxHAdFkBGZ9gJK8w7 NUYS9C6enGYtAYoKH5G3Bn3YScjErNfQtHYb53KwBQpVSOv1HcN8hbQ8mLTgn9lt zNwNSuv0XxIswi807HRSIZ4vYDiS5VKV1YkLYK5bLY5O4alVdzqM+AZQqkuHBu63 6n+C0ED6UwLhVBFfSNvBQVAdoq6gvr+IE8rCIKTMNGwNcgVPbF+YxP7UZM6p7s2a 5MIqGw7URSfaqfuztibXGOBLFbSwLGqHSSnOXBfEeDrwdZ+ur8cXIIPRIeCTVmeO 8bGgpgBqNQXG9oyGN+TrYAC+4Ahi0UjCk7QGj8tf3xICKoQpYyfceNBZJ/969gV9 tVgvRxUjxUwc9kZbi0c8XYMTq5GCvBIh1D6BOW9QBM2SsNgG3l36+e3+c2LDdyKn 20C1IzGLVDdcCtz42/onQ/e9sMlzFrfLjs5SO2/TnLvp2JtsIQXyb/T5qd0GE5j8 /iwfZR+uVTVVEsUl1a+Yllzt6sdR7RIhhKpKaKzEAk4d0+VHdz7zEkQRRSjbPVoS fy8c/kld9Fi8Buna+ZkKpcwIW+D4XP83pGcl0XUv6AyqwS1LnEt+jv/+PSXskYtU Lzn8Z35iKkSAH/5Nz6GCZk6ORPNv/6+UI92BpUbu/G2tBwK8bPgAg+gJxBx3G7MK W7VRCmM5UrtAK9A3O70VjPyMkHSJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLC LAf/X/9vRTZWtwSXxiBCA54a6hg9IvW0mvPUqgXfvrhtOk0IFucLKrTXK8J/NcmU 6ulxOovVbQ+Bin6gtHeCmSa/W523g/NXCOuFTnS/MyVibNL4+RCFwqGysl++Cm+L nj1MmasE9kO+CNdervx8APfxV7D6OYrG4eGag+LdFR6VpJn6tRT0/WvyT8l+Oqiq gdhXHv+0MvkkD9TX5LlJW4VB/yRvWkkmL5N5c5zYh+NcfTPhQ5S9dOorVzrm65d6 Itn0937Ennau7s7fiFdA0BHjWqEAFLsBIXQfCFjjKjdsKA4xlSiX7X7ElmPYpWa5 wwTQ66dL0anMd9y1DJCMOHe4gYkCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9 g1MSBQJbtyScAAoJEBDvedn9g1MSY7sP+gKR0rFU1g+GtB+hSdtwPRbacvml2eL2 Jc5Eq37J9hAqxHyt5V0If7s8IyVA2GXgdfwULBWbXGDUDiUkh20OPQRUS8G9Sf8A WRuG25q5C8ZzWygykL88RKXJZDFtA49CeqO5Bq5syBhq4QfiSTffQHIp3h0boPGU hSBEUQpooMXYQClNARQ+z/uRzR5bUi9wxdXNnxTn9ia4ASlaBPvUYTGY1jW2HrRR SwpI12+UaWsvc3jJtQ8X0kxgJ7jsFF1uqquIZ5eflQv+PHHg2RJSy37u0UFGb+OK ZEkzlmbPokKCYhzBR5PcD6sgdlaJNcidmto9u1oV6yZT8J2W4CTuUclgxt6f3lZq ZeVLnNnbHyKUdeypwLlqYISulfnMhZ3A6Bgpf2BtjL6KJbFtPBYmYdxI+HZyY49u U2ZHhRu+CSQ1y7zGKSX0gRp5hE7+A4XJtsT6lTLhbi9aiZTG1S6zKNhl3qNNzszc r27PrvFiyGhpuYQuzdQl2PMGbOI6Ojif3sab53NO3RLsLOM09wIlr95yKLlkXkUr WcvUJGrw6HKm8j5opXHTwmJOAbDpc6cMDu+ITRu4spdCnQJcE8RkO8tKyaLuh2Gt U5kYSBK97yr5VviX1FK6rY14LLmnE16OPiK2tiVBKy9nGM0DKtY+K9WcoRZ7s/d7 O0bMfzcNPtGLuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiez GPuBHmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9Wf pHTD8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC 6T5MsK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2 D/zE4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFe A7PbTuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ /Vf3vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbpt PEcmoazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKr em5r+oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96 Z22fQ0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYgh x8b7Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQ oqj1gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P /1tF6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8 Wpfdn3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJ gx252HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5 SLjNJIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2 oKjwrIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtA ZAGsokRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIA ypqYo3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoM eDQkd0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS /qmUyXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZ IMhkvMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XO KVc3YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DJ121 -----END PGP PUBLIC KEY BLOCK----- --------------516AE983BBBA199CBED446F2-- --lJCzyVjRsqQ6Sr89gZx99Vy8LDYaef4W1-- --9yqaooCyhSEOWiTHv3hOgRegxVcLUL1rb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEW7Wm6ldl0sWGPK4nWrL68XsXK+oFAlx3y4sACgkQWrL68XsX K+oCmA//TgPSkrDgJc2b1am0Qk/u+yqXdRMoi1kph53dGmSPftLPptP6jp2y80vB fd/wGGfZHZFh6ayoPVsdiqziuKiNdG6Mv3FVGhjcw47LQQGg5flfxbSzYSvXx1FN SCUKheVPFSX9F1+ZgPuPo/0+RpDNplUmpoPR4UaR9V3Zupu1cbK8o8JbGdxunrkK 0f1hwiCXr1WARy3O/MjVORbZyFAKz1vtwAHt0PoSWheJ6Pa0kSKeecGq6xNiAJ8g 1P7pqQLRclcmE5GcPtmXuxLnlHvv8dIGeZv9u5ticKtAMoDZezUwFNUEi1awGUpp ZxsOIMMwbJ6q6uyOVznxlmTij+eaLn/ChV44Y1lkvnGX//MbccBwJHV0RCm4EJJR GiiZWz4/nVsBqDMoU6A2SYpkOMVHo2G2ibEkLahBz6prZw43EErvMrNcjh1NGCAZ kY5l4VTA8yq8jTXtsBN17EGY7+kcdvk2aCZYO7c8HAi0gvQoOr0/zUmBOs909dy5 qJIo2CRiJGsfg8oVnqptsKG2p6WKY2VbxWJNkCvdHlJeUUUIEeYuFYbsfufVjIha 31EfDNTGSti/RqolCBSQbzkdMV34+YxFA3DdKa5na6mNPDV2r9m6aQlV7Pfgn+0v AqBfGDkhThSsmo5bAVoy0Y8UBRv0jeI6jC2xgheFja+hwRZbqfY= =AWJs -----END PGP SIGNATURE----- --9yqaooCyhSEOWiTHv3hOgRegxVcLUL1rb-- From nobody Thu Feb 28 04:58:51 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CDD7129741 for ; Thu, 28 Feb 2019 04:58:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvV9xQ0ly_cy for ; Thu, 28 Feb 2019 04:58:47 -0800 (PST) Received: from pacdcmhout01.cable.comcast.com (PACDCMHOUT01.cable.comcast.com [68.87.31.167]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19012130DF1 for ; Thu, 28 Feb 2019 04:58:47 -0800 (PST) X-AuditID: 44571fa7-9f3ff70000021550-12-5c77db056154 Received: from PACDCEX21.cable.comcast.com (dlpemail-wc-2p.cable.comcast.com [24.40.12.145]) (using TLS with cipher AES256-SHA256 (256/256 bits)) (Client did not present a certificate) by pacdcmhout01.cable.comcast.com (SMTP Gateway) with SMTP id DF.5B.05456.50BD77C5; Thu, 28 Feb 2019 07:58:45 -0500 (EST) Received: from PACDCEX19.cable.comcast.com (24.40.1.142) by PACDCEX21.cable.comcast.com (24.40.1.144) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 28 Feb 2019 07:58:44 -0500 Received: from PACDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8304]) by PACDCEX19.cable.comcast.com ([fe80::3aea:a7ff:fe36:8304%19]) with mapi id 15.00.1395.000; Thu, 28 Feb 2019 07:58:44 -0500 From: "Brotman, Alexander" To: Stephen Farrell , Andrew Sullivan , "dbound@ietf.org" Thread-Topic: [dbound] draft-brotman-rdbd Thread-Index: AQHUz1Sq/Wg3+yjSZEGxUn4PByjblaX1bWKA//+3/jA= Date: Thu, 28 Feb 2019 12:58:43 +0000 Message-ID: <8784823acf124fd3ba114794d927c8b2@PACDCEX19.cable.comcast.com> References: <20190228084640.vgexxwltqmshkf4q@mx4.yitter.info> <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [96.114.156.8] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Forward X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupjleLIzCtJLcpLzFFi42KR0OCZqMt6uzzGYMNvTYsDn68xWey6fI3d Yvrea+wOzB7PTr5i91jbfZXNY8mSn0wBzFENjDYlGUWpiSUuqWmpecWpdlwKGMAmKTUtvyjV NbEopzIoNSc1EbsykMqU1JzMstQifazG6GM1J6GLKePIzwvsBTesK6af62FsYJxi1cXIwSEh YCJxfBZrFyMXh5DADiaJ7g0NUM4uRomG3/ehnJOMEh8fHWfvYuTkYBOwknj7v50ZJCEi0MAo 0bHjMStIQlhAQ2JWz3wmEFtEQFPi5v6FzBC2lcSv5mtgzSwCqhKvd50Di/MKeEn8vj6DCWLD EkaJ1X9/gBVxCthKTJp8lRHEZhQQk/h+ag3YUGYBcYlbTyAWSAgISCzZc54ZwhaVePn4HyuE bSCxdek+FghbQWL7/m0sIH8yAx20fpc+xBhFiSndD9khbhCUODnzCVS5uMThIztYJzCKz0Ky bRZC9ywk3bOQdC9gZFnFyGNmoWdhrmdsqGdoZr6JEZhKXMLll+9g3D4r4xCjAAejEg9v4I3y GCHWxLLiytxDjBIczEoivLqXgUK8KYmVValF+fFFpTmpxYcYpTlYlMR5j/gBpQTSE0tSs1NT C1KLYLJMHJxSDYxbNhg6fFGZ7iU/S2535SUuyz7OY9tE1zzfvf/c8i33Ci4wM/25zx61f13t 1fX39U/Lu/kHSPBWH3zWpzA5JOlzT0tgetuhVlcObi2bvCju2VPeV8XfmqH2eZeuO1ui7TGG 26+rT/9aO+12HnOQX8+jw2eOXlnHX64qHZ/oajTP1u9T8UPLrkAlluKMREMt5qLiRADxHb11 IQMAAA== Archived-At: Subject: Re: [dbound] draft-brotman-rdbd X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 12:58:50 -0000 DQoNCi0tDQpBbGV4IEJyb3RtYW4NClNyLiBFbmdpbmVlciwgQW50aS1BYnVzZSAmIE1lc3NhZ2lu ZyBQb2xpY3kNCkNvbWNhc3QNCg0KPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9t OiBkYm91bmQgPGRib3VuZC1ib3VuY2VzQGlldGYub3JnPiBPbiBCZWhhbGYgT2YgU3RlcGhlbiBG YXJyZWxsDQo+IFNlbnQ6IFRodXJzZGF5LCBGZWJydWFyeSAyOCwgMjAxOSA2OjUzIEFNDQo+IFRv OiBBbmRyZXcgU3VsbGl2YW4gPGFqc0BhbnZpbHdhbHJ1c2Rlbi5jb20+OyBkYm91bmRAaWV0Zi5v cmcNCj4gU3ViamVjdDogUmU6IFtkYm91bmRdIGRyYWZ0LWJyb3RtYW4tcmRiZA0KPiANCj4gDQo+ IEhpeWEsDQo+IA0KPiBUaGFua3MgZm9yIHRoZSBnb29kIGNvbW1lbnRzLg0KPiANCj4gT24gMjgv MDIvMjAxOSAxMDo1OSwgQW5kcmV3IFN1bGxpdmFuIHdyb3RlOg0KPiA+IEhpLA0KPiA+DQo+ID4g U2luY2UgdGhpcyBpcyB0aGUgcGxhY2UsIEkgcmVhZCBkcmFmdC1icm90bWFuLXJkYmQtMDAgYW5k IGhhdmUgYSBmZXcNCj4gPiBvYnNlcnZhdGlvbnMuDQo+ID4NCj4gPiBJJ20gc2xpZ2h0bHkgY29u Y2VybmVkIGF0IHRoZSB3YXkgdGhpcyBpcyBiZWluZyBjb25jZWl2ZWQsIGJlY2F1c2UgSQ0KPiA+ IHRoaW5rIGl0IGhhcyBhIGNvbmNlcHR1YWwgc2VwYXJhdGlvbiBpbiBpdCB0aGF0IGlzIHRyb3Vi bGVzb21lLiAgSXQncw0KPiA+IGZvdW5kIGhlcmU6DQo+ID4NCj4gPiAgICBSREJEIGlzIGludGVu ZGVkIHRvIGRlbW9uc3RyYXRlIGEgcmVsYXRpb25zaGlwIGJldHdlZW4gcmVnaXN0ZXJlZA0KPiA+ ICAgIGRvbWFpbnMsIG5vdCBpbmRpdmlkdWFsIGhvc3RuYW1lcy4gIFRoYXQgaXMgdG8gc2F5IHRo YXQgdGhlDQo+ID4gICAgcmVsYXRpb25zaGlwIHNob3VsZCBleGlzdCBiZXR3ZWVuICJleGFtcGxl LmNvbSIgYW5kICJkZXB0LQ0KPiA+ICAgIGV4YW1wbGUuY29tIiwgbm90ICJmb28uZXhhbXBsZS5j b20iIGFuZCAiYmFyLmRlcHQtZXhhbXBsZS5jb20iLg0KPiA+DQo+ID4gVGhlIHByb2JsZW0sIG9m IGNvdXJzZSwgaXMgdGhhdCBmb28uZXhhbXBsZS5jb20sIGJhci5kZXB0LWV4YW1wbGUuY29tLA0K PiA+IGFuZCByZWFsbHkubG9uZy5zZXQub2YubGFiZWxzLmV4YW1wbGUuY29tIGFyZSBhbGwgX3Bl cmZlY3RseSBnb29kXw0KPiA+IGRvbWFpbnMuICBOb3csIG1heWJlIHdoYXQgdGhlIGFib3ZlIGlu dGVuZHMgdG8gY29tbXVuaWNhdGUgaXMgdGhhdA0KPiA+IFJEQkQgaXMgaW50ZW5kZWQgdG8gZGVt b25zdHJhdGUgYSByZWxhdGlvbnNoaXAgYmV0d2VlbiB0aGUgb3duZXIgbmFtZQ0KPiA+IGF0IGFu IGFwZXggYW5kIGFsbCB0aGUgc3Vic2lkaWFyeSBuYW1lcyBpbiB0aGF0IHpvbmUgKGkuZS4gdXAg dW50aWwNCj4gPiBhbnkgc3Vib3JkaW5hdGUgem9uZSBjdXQpLCBhbmQgdGhlIG93bmVyIG5hbWUg YXQgYW4gYXBleCBhbmQgYWxsIHRoZQ0KPiA+IHN1YnNpZGlhcnkgbmFtZXMgaW4gX3RoYXRfIHpv bmUuICBBbHRlcm5hdGl2ZWx5LCBtYXliZSB3aGF0IHRoZSBhYm92ZQ0KPiA+IGludGVuZHMgdG8g Y29tbXVuaWNhdGUgaXMgdGhhdCBSREJEIGlzIGludGVuZGVkIHRvIGRlbW9uc3RyYXRlIGENCj4g PiByZWxhdGlvbnNoaXAgYmV0d2VlbiBvd25lciBuYW1lcyBpbW1lZGlhdGVseSBiZWxvdyBhIHNv LWNhbGxlZCBwdWJsaWMNCj4gPiBzdWZmaXguICBJIGNhbiBpbWFnaW5lIHVzZSBjYXNlcyBmb3Ig ZWl0aGVyLCB0aG91Z2ggSSBhbSBub3Qgc3VyZQ0KPiA+IHRoZXkncmUgYXMgZ2VuZXJhbCBwdXJw b3NlIGFzIHBlb3BsZSBtaWdodCB0aGluay4NCj4gDQo+IEkgdGhpbmsgdGhhdCdzIEFsZXgncyB0 ZXh0IHNvIEknbGwgbGVhdmUgaXQgdG8gaGltIHRvDQo+IGV4cGxhaW46LSkgRnJvbSBteSBQT1Yg dGhvdWdoLCBzZWUgbXkgYW5zd2VyIHRvIFBhdWwgV291dGVycyBvbiB0aGUgKGxhY2sgb2Y7LQ0K PiApIHNlbWFudGljcyBoZXJlLiAoVGhhdCB3YXMgb24gYSBkaWZmZXJlbnQgbGlzdCBidXQgaXMg YXQgWzFdLikgTm90IHN1cmUgaWYgdGhhdCdsbA0KPiBjbGFyaWZ5IG9yIG11ZGR5IHRoZSB3YXRl cnMgdGhvdWdoLCBzbyBpdCBtYXkgYmUgZWFzaWVyIHRvIGNoYXQgYWJvdXQgdGhpcyBmMmYgaW4N Cj4gUHJhZ3VlIGlmIHdlIGdldCBhIGNoYW5jZS4NCj4gDQo+ICAgIFsxXQ0KPiBodHRwczovL21h aWxhcmNoaXZlLmlldGYub3JnL2FyY2gvbXNnL2FydC9EYXFoaG5yTlJTckllUGJRVFdETENEdWF3 NmsNCltCcm90bWFuLCBBbGV4YW5kZXJdIA0KDQpGcm9tIG15IHBlcnNwZWN0aXZlLCBJIHdhcyBs b29raW5nIHRvIGNyZWF0ZSBhIHJlbGF0aW9uc2hpcCBmb3IgdGhlIHJlZ2lzdGVyZWQgZG9tYWlu cyAoSSBjb3VsZG4ndCBmaW5kIGEgZ29vZCBSRkMgdG8gdXNlIGEgcmVmZXJlbmNlIGZvciB0aGlz KSwgc28gSSBiZWxpZXZlIHlvdXIgY29tbWVudCBhYm91dCB0aGUgYXBleCBpcyBjb3JyZWN0LiAg U28gbG9va2luZyB0byBrbm93IHRoYXQgImV4YW1wbGUuY29tIiBhbmQgImRlcHQtZXhhbXBsZS5j b20iIChvciAiZXhhbXBsZS5jb20iIGFuZCAiZXhhbXBsZS5jby51ayIsIGV0Yy4pIHNob3VsZCBo YXZlIHRoYXQgbGluay4NCg0KPiANCj4gPiBJIGFtIG1vcmUgdGhhbiBhIGxpdHRsZSB3b3JyaWVk IGFib3V0IHRoZSBwYXJlbnQvc2Vjb25kYXJ5IHNwbGl0Lg0KPiA+IChBbHNvLCBib3RoIG9mIHRo ZXNlIGFyZSBhbHJlYWR5IHdlbGwtdXNlZCB0ZXJtcyBpbiB0aGUgRE5TLCBzbyBJDQo+ID4gcmVh bGx5IHN0cm9uZ2x5IHVyZ2Ugc29tZSBvdGhlciB0ZXJtcy4gIFdlIGhhdmUgZW5vdWdoIHRyb3Vi bGUgd2l0aA0KPiA+IG92ZXJsb2FkaW5nIEROUyB0ZXJtcyB3aXRob3V0IGRvaW5nIHNvIHdpdGgg dHdvIG9mIHRoZSBtb3N0IGZyZXF1ZW50bHkNCj4gPiB1c2VkIHRlcm1zIGluIEROUyBvcGVyYXRp b25zLCBwYXJ0aWN1bGFybHkgd2hlbiB0aGlzIG1peGVzIHRlcm1zIGZyb20NCj4gPiBkZWxlZ2F0 aW9uIGFuZCBmcm9tIHpvbmUgdHJhbnNmZXJzLikNCj4gDQo+IEZhaXIgcG9pbnQuIEJldHRlciB0 ZXJtcyB3ZWxjb21lLiBJZiB3ZSBkb24ndCBnZXQgaGFuZGVkIHNvbWUsIHdlJ2xsIHRyeSBpbnZl bnQgYQ0KPiBjb3VwbGUuDQo+IA0KPiBJJ3ZlIG5vdGVkIHRoaXMgYW5kIGEgY291cGxlIG9mIG90 aGVyIGlzc3VlcyByYWlzZWQgaW4gdGhlIGVkaXRvcidzIHZlcnNpb24gb24NCj4gZ2l0aHViLiBb Ml0gKEFuZCBidHcsIGlmIHRoZXJlJ3JlIG90aGVyIHRoaW5ncyBmcm9tIHRoZXNlIG1haWwgdGhy ZWFkcyBJIG91Z2h0DQo+IG5vdGUgdGhlcmUsIGFueW9uZSBjYW4ganVzdCBwaW5nIG1lIHRvIGFk ZCBzdWNoLikNCj4gDQo+ICAgIFsyXQ0KPiBodHRwczovL2dpdGh1Yi5jb20vYWJyb3RtYW4vcmVs YXRlZC1kb21haW5zLWJ5LWRucy9ibG9iL21hc3Rlci9yZGJkLnR4dA0KPiANCj4gPiBJdCBpc24n dCBjbGVhciB0byBtZSwgZnJvbSB0aGUNCj4gPiBkaXNjdXNzaW9uLCB0aGF0IGl0IGlzIG9idmlv dXNseSB0cnVlIGluIG1vc3Qgb2YgdGhlIHVzZSBjYXNlcyBwZW9wbGUNCj4gPiBoYXZlIHRoYXQg b25lIG9mIHRoZSBkb21haW5zIHBlb3BsZSB3YW50IHRvIHRhbGsgYWJvdXQgaXMgInRoZSBtYWlu DQo+ID4gb25lIi4gIE1vcmUgaW1wb3J0YW50bHksIGl0IGlzIHF1aXRlIGxpa2VseSB0aGF0IHNv bWVvbmUgdHJ5aW5nIHRvDQo+ID4gcXVlcnkgdGhpcyB3aWxsIGhhdmUgYSBkaWZmZXJlbnQgaWRl YSBhYm91dCB3aGljaCBpcyAibWFpbiIgdGhhbiB0aGUNCj4gPiBkb21haW4gb3BlcmF0b3IsIHNv IGlmIHRoaXMgaXNuJ3QgYSBmdWxseSBiaWRpcmVjdGlvbmFsIG9wZXJhdGlvbg0KPiA+ICh3aGlj aCBpdCdzIG5vdCBpbiAtMDApIHRoZXJlIGNvdWxkIGVhc2lseSBiZSBwcm9ibGVtcyBpbiB1c2Uu ICAoVGhpcw0KPiA+IGlzIHBhcnQgb2Ygd2h5IFNPUEEgd2FzIHByb3Bvc2VkIHRvIGJlIHR3by13 YXkuKQ0KPiANCj4gQnV0IGlmIHRoaXMgc3RheXMgdW5pZGlyZWN0aW9uYWwsIG9uZSBjb3VsZCBh bHdheXMgZG8gdGhlIHRyaWNrIHR3aWNlIEkgdGhpbmsuIFNvIEknbQ0KPiBub3Qgc3VyZSBJIGdl dCB3aHkgdGhhdCdkIGJlIGEgcHJvYmxlbT8NCj4gKEFzc3VtaW5nIHRoZSBzeW50YXggY29udGlu dWVzIHRvIGFsbG93IHRoYXQuKQ0KPiANCj4gSSdtIGFsc28gbm90IHN1cmUgaWYgYWx3YXlzLWJl aW5nLWJpZGlyZWN0aW9uYWwgaXMgdGhlIHJpZ2h0IGRlc2lnbiBteXNlbGYsIChzZWUNCj4gYWJv dmUgd3J0IGxhY2sgb2Ygc2VtYW50aWNzKSBidXQgaWYgaXQgd2VyZSBhbmQgZGlkbid0IGFkZCBh IGxvdCBvZiBjb21wbGV4aXR5LCBJJ2QNCj4gYmUgb2sgd2l0aCBpdC4NCj4gDQo+ID4gSWYgeW91 J3JlIGdvaW5nIHRvIGRvIHRoaXMgd2l0aCBUWFQgcmVjb3JkcywgdGhlbiB5b3UgZGVmaW5pdGVs eSBuZWVkDQo+ID4gYW4gdW5kZXJzY29yZSBsYWJlbCwgb3IgdGhlIGFwZXggbmFtZSBpcyBnb2lu ZyB0byBiZSBhIG1lc3MuICBCdXQgdGhhdA0KPiA+IHdpbGwgbWVhbiB0aGF0IHRoaXMgd29uJ3Qg d29yayBmb3IgRE5BTUUuICBUaGF0IGNvbnNpZGVyYXRpb24gaXMgcGFydA0KPiA+IG9mIHdoeSBT T1BBIGRlZmluZWQgYSBuZXcgUlJUWVBFIGFuZCBwdXQgdGhlIFJSIGF0IHRoZSBuYW1lIHRoYXQg d2FzDQo+ID4gc3VwcG9zZWQgdG8gYmUgcmVsYXRlZC4NCj4gDQo+IFllcCwgZmFpciBlbm91Z2gu IFBlcnNvbmFsbHkgSSB0aGluayBhIG5ldyBSUlRZUEUgaXMgZmluZSBhbmQgd2lsbCBnZXQgYSBj b3VwbGUgb2YNCj4gaXNzdWVzIG9mZiB0aGUgdGFibGUgc28gaXMgbGlrZWx5IHRoZSByaWdodCB0 aGluZyB0byBkby4gSSB0aGluayBBbGV4IGlzIGFsc28gb2sgd2l0aA0KPiB0aGF0LCBpbiB3aGlj aCBjYXNlLCB3ZSdsbCBzZWUgYWJvdXQgd2hhY2tpbmcgb3V0IGEgLTAxIGFsb25nIHRob3NlIGxp bmVzIGJlZm9yZQ0KPiB0aGUgSS1EIGN1dG9mZi4gKEFuZCBpZiBub3QsIHdlJ2xsIGNvbnRpbnVl IHRvIGJlIHJpZ2h0bHkgYmVhdGVuIHVwIGZvciB5ZXQgbW9yZQ0KPiBhYnVzZSBvZiBUWFQ6LSkN Cj4gDQpbQnJvdG1hbiwgQWxleGFuZGVyXSANCg0KSSdtIDEwMCUgb2theSB3aXRoIGEgbmV3IFJS VFlQRSwgYW5kIGV4cGVjdGVkIHdlIHdvdWxkIGRvIHNvLiAgSSBkbyBhcG9sb2dpemUgZm9yIG5v dCBoYXZpbmcgdGhhdCBiZSBwcm9wZXJseSBjcmVhdGVkIGluIC0wMCwgYnV0IHdhbnRlZCB0byBn ZXQgc29tZSBjb21tZW50cyBvbiB0aGUgLTAwIGRyYWZ0LCBhbmQgaWRlYWxseSBhIC0wMSBiZWZv cmUgUHJhZ3VlIHRoYXQgaW5jb3Jwb3JhdGVzIGZlZWRiYWNrIGZyb20gZm9sa3MuDQoNCj4gPiBJ IGhvcGUgdGhlc2UgY29tbWVudHMgYXJlIHVzZWZ1bC4gIEkgaGF2ZSBsaW1pdGVkIGN5Y2xlcyB0 byBzcGVuZCBvbg0KPiA+IElFVEYgc3R1ZmYgdGhlc2UgZGF5cywgYnV0IHRoaXMgd2FzIGFsd2F5 cyBhIHRvcGljIGNsb3NlIHRvIG15IGhlYXJ0DQo+ID4gKGFuZCBJJ20gc3VwZXIgYW5ub3llZCB0 aGUgREJPVU5EIFdHIGZhaWxlZCksIHNvIEknbGwgdHJ5IHRvIGtlZXAgdXAuDQo+IA0KPiBFeGNl bGxlbnQhDQo+IA0KPiBDaGVlcnMsDQo+IFMuDQo+IA0KPiANCj4gPg0KPiA+IEENCj4gPg0K From nobody Thu Feb 28 05:32:13 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1EBC130E69; Thu, 28 Feb 2019 05:32:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.199 X-Spam-Level: X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NpgywNb7kHcO; Thu, 28 Feb 2019 05:31:57 -0800 (PST) Received: from ppsw-30.csi.cam.ac.uk (ppsw-30.csi.cam.ac.uk [131.111.8.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A96CD130E7F; Thu, 28 Feb 2019 05:31:57 -0800 (PST) X-Cam-AntiVirus: no malware found X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus Received: from grey.csi.cam.ac.uk ([131.111.57.57]:46358) by ppsw-30.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.136]:25) with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1gzLmy-000hLW-eD (Exim 4.91) (return-path ); Thu, 28 Feb 2019 13:31:52 +0000 Date: Thu, 28 Feb 2019 13:31:51 +0000 From: Tony Finch To: John C Klensin cc: John R Levine , art@ietf.org, dbound@ietf.org In-Reply-To: <49A2FC767B5A7146F39456B9@PSB> Message-ID: References: <20190227172143.10303200F57CE0@ary.local> <1FFA1977E97DE99C390869DA@PSB> <49A2FC767B5A7146F39456B9@PSB> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Archived-At: Subject: Re: [dbound] [art] [DNSOP] not DNAME, was Related Domains By DNS (RDBD) Draft X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 13:32:05 -0000 John C Klensin wrote: > John R Levine wrote: > > > There's the additional issue that an MX with a target of a > > CNAME or DNAME doesn't work reliably, > > "doesn't work reliably" may or may not be a synonym for "is > explicitly prohibited by SMTP" but the latter is true is any > event. Actually the issue here is not the target of the MX but its owner, i.e. the mail domain itself. As you know, professor (to coin a phrase) if I have: foo.example MX mx.foo.example bar.example CNAME foo.example This is allowed per SMTP. However there are disagreements between various versions of the specification and various implementations about what this means. Some treat it as equivalent to bar.example MX mx.foo.example Others treat it as equivalent to a directive that says addresses @bar.example should have the domain part rewritten to foo.example. So if you have CNAME (or DNAME) pointing at MX and you want the alias to be usable as a mail domain, you have to be super careful with the setup of the target mail servers to work around the interoperability gotchas. On the other hand, although MX pointing at CNAME is formally frowned on, AIUI it works fine in practice. Tony. -- f.anthony.n.finch http://dotat.at/ East Forties: Northerly 4 or 5. Slight or moderate. Fair. Good. From nobody Thu Feb 28 08:47:21 2019 Return-Path: X-Original-To: dbound@ietfa.amsl.com Delivered-To: dbound@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F29C9130F04 for ; Thu, 28 Feb 2019 08:47:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=F5BB3R30; dkim=pass (1536-bit key) header.d=taugh.com header.b=nXg8Z/uG Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CjzUhdgbM-rt for ; Thu, 28 Feb 2019 08:47:18 -0800 (PST) Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C134130EBE for ; Thu, 28 Feb 2019 08:47:18 -0800 (PST) Received: (qmail 65292 invoked from network); 28 Feb 2019 16:47:17 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=ff0a.5c781095.k1902; bh=Ud9OVUoOGlvciIkWbhxnJcdxDwlqhm9lgZxJnvc0Xx4=; b=F5BB3R30VY1sGLZaEXXWmkNmx2P2PZHDG6kz7m7xlrjNrk55C5aFDvLCugTCqYX1DqaCInBztyrD8Tf2me/gyIl1FmFP95g5XficoEIxpv/iX+nqE30lMpM91eoOO/zp7BmZjbRgN4ooXMTrvCzFS/z70M+NPZ3wWLuqYA76VKCBv7fJ7QDmVSbk7OyeHeyH/phJSlww+2zUmHSCV+vOktSW/b6+VXVk9PNfXk2Gg/77mzXMTDSMX49S0a0HOQCM DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=ff0a.5c781095.k1902; bh=Ud9OVUoOGlvciIkWbhxnJcdxDwlqhm9lgZxJnvc0Xx4=; b=nXg8Z/uGEyqj+mjmd6UP9Nu1VO/UUZuv0uj8OzzcxfOSOuh9wgCk320dB2tlDaOCZT83yvY69Ja7m9pH/eMmrpttysRzWA2LtVh6d1L0B3sZwm8tpg5G93YmimpLunRz0xZmR3UoDDA3TEhb6FMGcvCLE5Jkr/Z04/j2Yz+zlba/9vjWeUAdcyQH7HPydT6+vqrf2jF9KlCep3bmci4MgRGedk/1dFTrcPM/xSut5gbfefkgRP7O3rQt6O2GZIFr Received: from ary.local ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 28 Feb 2019 16:47:16 -0000 Received: by ary.local (Postfix, from userid 501) id ACC91200F70322; Thu, 28 Feb 2019 11:47:16 -0500 (EST) Date: 28 Feb 2019 11:47:16 -0500 Message-Id: <20190228164716.ACC91200F70322@ary.local> From: "John Levine" To: dbound@ietf.org Cc: ajs@anvilwalrusden.com In-Reply-To: <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> Organization: Taughannock Networks X-Headerized: yes Mime-Version: 1.0 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit Archived-At: Subject: Re: [dbound] draft-brotman-rdbd X-BeenThere: dbound@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DNS tree bounds List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 16:47:20 -0000 In article <20190228105902.4z3o6x7lavkhd4xk@mx4.yitter.info> you write: > RDBD is intended to demonstrate a relationship between registered > domains, not individual hostnames. ... I think the intention here is what's known in DMARC-ese as an organizational domain, which in practice means a domain whose immediate parent is in the PSL. I agree with your point about RRs, and as I've said a few times, depending on what you think is hard or what is easy, the signatures seem to add implemenation complexity without adding much actual utility. R's, John PS: >(and I'm super annoyed the DBOUND WG failed), so I'll try to keep up. Me too and I never really understood why. Near as I can tell, my proposal and Casey's were quite similar, but Casey's had a whole bunch of added stuff that was hard to understand (I didn't) so people gave up.