Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Ted Lemon
On Feb 3, 2017, at 9:10 PM, Andrew Sullivan wrote: > My memory is that only after that > did we start thinking of a sort of 1918-style part of the DNS as > well. That may have been a mistake, since as this discussion is > showing the properties of an in-protocol, in-DNS

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Andrew Sullivan
On Fri, Feb 03, 2017 at 08:58:43PM -0500, George Michaelson wrote: > sorry to be thick, but.. can we have both on a case-by-case basis somehow? Well, if the stub that is going to query in this namespace _knows_ that it's special, then it also knows not to validate it too. So that's not a

Re: [DNSOP] New Version Notification for draft-hardaker-rfc5011-security-considerations-02.txt

2017-02-03 Thread Warren Kumari
Hi all, Wes and I have updated this document to make it clearer and more readable. Please take a read and let us know if any parts are unclear, if you have any other feedback, etc. Is this close to done? W On Fri, Feb 3, 2017 at 6:29 PM, wrote: > > A new version of

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Andrew Sullivan
On Fri, Feb 03, 2017 at 08:54:59PM -0500, Ted Lemon wrote: > On Feb 3, 2017, at 8:51 PM, Andrew Sullivan wrote: > > If the resolver "has a local zone for alt" -- I think this means it is > > authoritative for that zone -- why would it ask the root about it at > > all? >

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Andrew Sullivan
On Fri, Feb 03, 2017 at 07:59:24PM -0500, Ted Lemon wrote: > Mark, I don't think you've actually given an answer to my question. > I understood that .ALT was for alternative naming systems, not for > DNS locally-served zones. We simply need to decide whether or not > that's true. I think

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Andrew Sullivan
Hi, On Sat, Feb 04, 2017 at 09:47:08AM +1100, Mark Andrews wrote: > > Also the ICANN's rule for signed TLD delegation for new gTLD is so > that delegations from those zones can be signed. I don't think that it is up to this WG or even the IETF to make any determinations about why the names

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread George Michaelson
sorry to be thick, but.. can we have both on a case-by-case basis somehow? it feels like no, because the sign over the zone state implicitly carries either denial of all false, or denial of none. I can't see how it can be in a dualistic middle ground. but if we could do it somehow, cleverly, it

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Andrew Sullivan
On Fri, Feb 03, 2017 at 12:21:16PM -0800, Steve Crocker wrote: > And just to stir the pot a bit, what would you have ICANN do if someone > applies for .alt as a top level domain? Is it ok if we say yes and delegate > the name? If not, what is the basis for us to say no? > If alt ends up in

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Ted Lemon
On Feb 3, 2017, at 8:51 PM, Andrew Sullivan wrote: > If the resolver "has a local zone for alt" -- I think this means it is > authoritative for that zone -- why would it ask the root about it at > all? This is a rehash of the .homenet discussion we had a few weeks ago.

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Andrew Sullivan
On Wed, Feb 01, 2017 at 06:46:50PM -0500, Warren Kumari wrote: > Yup, but if a resolver has a (empty) local zone for .alt, and someone > queries it and validates, then I think you get SERVFAIL -- the root > says .alt doesn't exist, but here you have an answer apparently from > inside the zone --

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Mark Andrews
Also the ICANN's rule for signed TLD delegation for new gTLD is so that delegations from those zones can be signed. It is not so that NXDOMAINS are secure or else NSEC3 with OPTOUT would be banned. There are lots of insecure answers from the new TLDs including delegations. Only those using NSEC

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Mark Andrews
In message <9b6211a9-20b5-4b15-a8fd-a1390dad7...@fugue.com>, Ted Lemon writes: > > On Feb 3, 2017, at 4:09 PM, Mark Andrews wrote: > > You need an insecure delegation for ALT for the purposes we want to > > use ALT for. > > I don't think there's consensus on what we want to use ALT

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Ted Lemon
On Feb 3, 2017, at 4:09 PM, Mark Andrews wrote: > You need an insecure delegation for ALT for the purposes we want to > use ALT for. I don't think there's consensus on what we want to use ALT for. I see Ralph arguing that ALT is never used to resolve things using the DNS

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Ted Lemon
On Feb 3, 2017, at 4:17 PM, Ralph Droms wrote: > Obviates the need for (most?) interpretations of "technical use". > Helps separate the regions of the Domain Namespace over which IETF and ICANN > have authority. > Allows for ad hoc assignment of special use names. I would

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Ralph Droms
> On Feb 3, 2017, at 3:49 PM, Suzanne Woolf wrote: > > Hi, > > To sharpen the question slightly…. > >> On Feb 1, 2017, at 5:11 PM, Ralph Droms wrote: >> >> >>> On Feb 1, 2017, at 4:42 PM, Mark Andrews wrote: >>> >>> >>> In

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Mark Andrews
In message , Brian Dickson writes: > > Stephane wrote: > > > On Wed, Feb 01, 2017 at 03:28:29PM -0500, > > Warren Kumari wrote > > a message of 103 lines which said: > > > > > or 2: request that the IANA insert an insecure

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Suzanne Woolf
Mark, > On Feb 1, 2017, at 3:56 PM, Mark Andrews wrote: > > > In message > , Warren Kumari writes: >> This is a fine thing to request in an IANA considerations, but isn't >> necessarily *useful* -- the IANA

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Suzanne Woolf
Hi, To sharpen the question slightly…. > On Feb 1, 2017, at 5:11 PM, Ralph Droms wrote: > > >> On Feb 1, 2017, at 4:42 PM, Mark Andrews wrote: >> >> >> In message <1b8e640b-c38e-4b76-a73d-7178491a9...@fugue.com>, Ted Lemon >> writes: >>> >>> On Feb

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread John Levine
In article you write: > >We (ICANN) have no mechanism or process for inserting a DNAME record into the >root. We do have a >process for considering the general issue, but, so far as I know, no one has >yet brought that

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Steve Crocker
We (ICANN) have no mechanism or process for inserting a DNAME record into the root. We do have a process for considering the general issue, but, so far as I know, no one has yet brought that idea into the ICANN/PTI arena. Steve Crocker [I am having trouble sending from st...@shinkuro.com, but

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Brian Dickson
On Fri, Feb 3, 2017 at 12:21 PM, Steve Crocker wrote: > And just to stir the pot a bit, what would you have ICANN do if someone > applies for .alt as a top level domain? Is it ok if we say yes and > delegate the name? If not, what is the basis for us to say no? > The

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Steve Crocker
And just to stir the pot a bit, what would you have ICANN do if someone applies for .alt as a top level domain? Is it ok if we say yes and delegate the name? If not, what is the basis for us to say no? Steve Crocker [I am having trouble sending from st...@shinkuro.com, but I am receiving

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Bob Harold
On Fri, Feb 3, 2017 at 3:02 PM, Brian Dickson wrote: > Stephane wrote: > >> On Wed, Feb 01, 2017 at 03:28:29PM -0500, >> Warren Kumari wrote >> a message of 103 lines which said: >> >> > or 2: request that the IANA insert an insecure delegation in the >> >

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Brian Dickson
The DNAME has an effect similar to delegation, except that in the case of the AS112++ RFC ( https://tools.ietf.org/html/rfc7535 ) , the target is a well-known & published empty zone (as112.arpa.) (Delegation and DNAME cannot coexist for the same owner name - that is one of the edicts for DNAME,

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Suzanne Woolf
> On Feb 1, 2017, at 3:56 PM, Mark Andrews wrote: > > > In message > , Warren Kumari writes: >> >> This is a fine thing to request in an IANA considerations, but isn't >> necessarily *useful* -- the IANA has

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Steve Crocker
Are you also expecting ALT will never be delegated in the root? If it were to be delegated in the root, what impact would that have on the uses you have in mind? Steve Crocker [I am having trouble sending from st...@shinkuro.com, but I am receiving mail without trouble. Please continue to

Re: [DNSOP] ALT-TLD and (insecure) delgations.

2017-02-03 Thread Brian Dickson
Stephane wrote: > On Wed, Feb 01, 2017 at 03:28:29PM -0500, > Warren Kumari wrote > a message of 103 lines which said: > > > or 2: request that the IANA insert an insecure delegation in the > > root, pointing to a: AS112 or b: an empty zone on the root or c: > > something similar. > > Here,

Re: [DNSOP] WGLC for draft-ietf-dnsop-sutld-ps

2017-02-03 Thread Suzanne Woolf
Hi, Some comments on the draft….no hats. I’ve started at the beginning and covered through the beginning of Sec. 4; I’ll review the “existing practices” material separately. It looks severely critical because it’s long, but most of the changes suggested are small, and I’ve tried hard to keep

[DNSOP] Domain Name System Operations (dnsop) WG Virtual Meeting: 2017-02-16

2017-02-03 Thread IESG Secretary
The Domain Name System Operations (dnsop) Working Group will hold a virtual interim meeting on 2017-02-16 from 19:00 to 21:00 UTC. Agenda: Preliminary agenda: 1. Issues from WGLC on the problem statement (https://datatracker.ietf.org/doc/draft-ietf-dnsop-sutld-ps/) 2. Proposals

Re: [DNSOP] WGLC for draft-ietf-dnsop-sutld-ps

2017-02-03 Thread Jeremy Rand
Suzanne Woolf: > This message opens a Working Group Last Call for: > > "Special-Use Names Problem Statement" > https://datatracker.ietf.org/doc/draft-ietf-dnsop-sutld-ps/ > > Proposed status: informational > > Starts: 2 Feb. 2017 >