I just read your draft about qname minimisation again and I discovered that besides limiting the number of labels the resolver is sending to the authoritative, it also proposes to replace the qtype with "NS" when sending queries to authoritatives.

This is understandable for privacy concerns but it also makes it impossible (or at least much more difficult) to perform security analysis at the vantage point of the authoritative server operator such as a ccTLD. Detecting spam runs when the MX count/percentage is suspicious is a use case that will no longer be possible. Other security detection algos will probably also suffer.

Is this something the group discussed? And maybe something you want to add to the security section of the draft?

Cheers,

Maarten

On 11-11-15 at 11:23, Stephane Bortzmeyer wrote:
> On Mon, Nov 09, 2015 at 06:48:51PM -0800, The IESG
> <[email protected]> wrote a message of 35 lines which said:
>
>> The IESG plans to make a decision in the next few weeks, and
>> solicits final comments on this action. Please send substantive
>> comments to the [email protected] mailing lists by 2015-11-23.
>
> I have the personal feeling that documents with intended status
> "Experimental" require more or less the same quantity of efforts
> and scrutiny as the ones intended for the standards track :-(
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
>

--
Maarten Wullink | Research Engineer
SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM
T +31 (0)26 352 55 45 | M +31 (0)6 21 26 87 55 | F +31 (0)26 352 55 05
[email protected] | www.sidn.nl
pgp key: http://pgp.mit.edu/pks/lookup?op=get&search=0x4F2A495C4B1BF08B
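The loss of signal described in the message above, as an added example that is not part of the original e-mail or of the draft: a per-resolver MX-share check run over a query log, first as received and then as an authoritative would see it from a minimising resolver. The log tuples, addresses, thresholds and the `minimise` model (qname cut to one label below the zone, qtype replaced with NS) are constructed assumptions.

```python
from collections import Counter

# Constructed sample: (resolver, qname, qtype) as logged at a TLD authoritative.
# Addresses are documentation ranges; "example" stands in for the ccTLD zone.
ZONE = "example"
QUERIES = (
    [("192.0.2.10", f"mail.shop{i}.example", "MX") for i in range(40)]
    + [("192.0.2.10", f"www.shop{i}.example", "A") for i in range(10)]
    + [("198.51.100.7", f"www.site{i}.example", "A") for i in range(45)]
    + [("198.51.100.7", f"site{i}.example", "MX") for i in range(5)]
)

def mx_share(queries):
    """Return {resolver: fraction of its queries that have qtype MX}."""
    total, mx = Counter(), Counter()
    for src, _qname, qtype in queries:
        total[src] += 1
        if qtype == "MX":
            mx[src] += 1
    return {src: mx[src] / total[src] for src in total}

def suspicious(queries, threshold=0.5, min_queries=20):
    """Resolvers with enough traffic whose MX share exceeds the threshold.
    Both cut-offs are assumed values, not taken from the e-mail."""
    counts = Counter(src for src, _, _ in queries)
    return sorted(src for src, share in mx_share(queries).items()
                  if counts[src] >= min_queries and share > threshold)

def minimise(queries, zone=ZONE):
    """Model the view from a minimising resolver (simplified assumption):
    qname trimmed to one label below the zone, qtype replaced with NS."""
    depth = len(zone.split(".")) + 1
    out = []
    for src, qname, _qtype in queries:
        labels = qname.rstrip(".").split(".")
        out.append((src, ".".join(labels[-depth:]), "NS"))
    return out

if __name__ == "__main__":
    print("full queries     :", suspicious(QUERIES))
    print("minimised queries:", suspicious(minimise(QUERIES)))
```
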
