On Wed 2015-01-28 18:19:58 -0500, Rob Stradling wrote:
> Thanks for explaining that, DKG.  Makes sense.
>
> Is there ever such a thing as a "sub-sub-zone" whose operators expect 
> their parent and grandparent zones to be fully-enumerated?

Sure.  Consider any ISP that hands out sub-zones to any customer who
wants them.  Say i run Example WebHosting, and i control example.net,
which i use to hand out foo.example.net domains to those customers who
don't have their own names and don't want to register them.

i (and my customers) would certainly want .net to be fully-enumerated
(and we all want the root zone to be fully-enumerated).  And my
customers would want example.net to be fully-enumerated, because they
don't want me being able to impersonate them.

> If so, that would suggest that option 1 is also insufficient, in which 
> case we'd need to do option 2.

I'm not sure that this proves that option 1 is actually insufficient --
your real question is whether it's possible to have a non-enumerated
zone sandwiched between two fully-enumerated zones.

for example, consider a hypothetical example.com, which specializes in
non-enumerability (hiding the public names of its child zones for those
that trust it) -- its parent (the root zone) should be fully-enumerable,
but it itself chooses to hide its list of immediate children.  It could
still delegate the foo.example.com zone to someone else, with the
proviso that it could impersonate foo.example.com, but not
x.foo.example.com.

then the customers/zone-children of example.com would have the option of
either:

 a) hiding in the anonymized/non-enumerable space, while risking
    undetectable compromise by their parent zone, or

 b) avoiding use of the apex of their zone, and exposing their
    delegation as (e.g.) whatever.foo.example.com, while being able to
    monitor for misuse by their parent.

if ?.?.example.com ever shows up in the logs, then customers in group
(b) know that they might have a problem.  if we go with option 1, then
customers in group (b) have no recourse.

> Or if not, is there any reason to prefer option 1 over option 2, or vice 
> versa?

I think you're right, we should go for option 2 (also, it's the
simplest and easiest to explain, i think).

  --dkg
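A constructed model of the check dkg describes for group (b): a customer who publishes only names under whatever.foo.example.com watches a log in which a redacting zone replaces hidden labels with "?", and flags any entry that could sit at or under their delegation but is not a name they published. This is added example code, not from the thread or any IETF implementation; the log format, the "?" redaction marker and the sample entries are assumptions.

```python
# Assumed log format: one DNS name per entry, hidden labels shown as "?".
# Sample entries are constructed for this example.
LOG = [
    "www.example.com",             # sibling name, unrelated to foo
    "whatever.foo.example.com",    # the name the customer actually published
    "?.?.example.com",             # two hidden labels: could be x.foo.example.com
    "?.example.com",               # one hidden label: could be the foo apex
    "bar.foo.example.com",         # under the delegation, never published
    "?.?.other.example.com",       # hidden names under a different sibling
]


def labels(name):
    """Split a DNS name into labels, ordered from the TLD downwards."""
    return [l for l in name.lower().rstrip(".").split(".") if l][::-1]


def could_cover(entry, delegation):
    """True if a logged (possibly redacted) name could be the delegation's
    apex or any name beneath it; a '?' label matches any single label."""
    e, d = labels(entry), labels(delegation)
    if len(e) < len(d):
        return False
    return all(a == "?" or a == b for a, b in zip(e, d))


def suspicious(entries, delegation, published):
    """Entries that could fall at or under `delegation` but are not an exact,
    unredacted name the customer published. A group (b) customer never uses
    the apex, so '?.example.com' and '?.?.example.com' are both reportable."""
    pub = {n.lower().rstrip(".") for n in published}
    return [
        entry for entry in entries
        if could_cover(entry, delegation)
        and entry.lower().rstrip(".") not in pub
    ]


if __name__ == "__main__":
    for hit in suspicious(LOG, "foo.example.com", ["whatever.foo.example.com"]):
        print("possible misuse by parent zone:", hit)
```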

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans