Re: [DNSOP] Updating the DNS Registration Model to Keep Pace with Today’s Internet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 02/05/2015 07:59 PM, Mark Andrews wrote: >> >> But be careful. There be dragons here. Computers updating computers to cont >> rol who controls the domains? > > Computers update computers all the time. It's about establishing > the right controls. There is nothing technologically hard about > giving someone the right to update just the NS records. > *** Except when they do it on your behalf without your consent and under the (invisible, unspeakable) pressure of a police state. For the record, as a regular Tor user, I do not have the same reverence to Cloudflare's customer service. Although they keep defending the thesis that "website owners" must select an emergency defense mode to actually block Tor traffic, as more websites use Cloudflare services, they become unusable without a proprietary javascript-powered CAPTCHA. Given their jurisdiction, and the current war on cryptography, the potential for abusive breaches of privacy with this system are non-negligible. Adding to that the power to update the authoritative name servers for a domain, and you have a perfect Internet for Police State. And until now, without any IETF-approved alternative. == hk -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQJ8BAEBCgBmBQJU1AifXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0 ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg9P5gP/11fxAttLj8JgNlfsckEbmjD lA3cmTU8khH9fhDlFWTXEfZS7XIBsXkMv619is4N5UvS/uGyKQa7D5nVGbVs8vzn /cHFhulqP7AXMN9z85bPJqFcJbdjwdDc+lAr2d+sahv+NZ0Ah+kfQkw5G/jm+drl zzQPr6rIxce55YeH6chc2hChs5vOvn/khxGfTk0uB1fp77Eqy9VhOz1lZN3S672h LeXQRPURyzw2ZBa/YWbLT9LpF2QAjTi1ajRAH/SIqw5ZspcAWo0tvIqo7dM1o7xx hC+ZkFjuu/sMXx4kSE6aj9qhRAmwEqz96r33twFEjflRJReJ2v6Vto8z+jirMyoP G7e0XtkfYJ9XfJ91KHsn6rqQu9Z3q174HUJPl46aUgDkNQpzSw7aFm/A1GeqT+HY UsRLDOAbnEBECRoKJW3dedjymFZr8Jy4/8mh+CapJ4jLbSvAP2W2S0G/ahTZ9NUO UXrr9Dij/XyjqxlG7otAiEHBMTd7y27j/LrKDWIh9Vn51jKGrzCV/xmAMjjL7SjJ jgML19rd6YBJDbWSEejDuWuzKzC1wMm44Y5Gkw3FguQtoY7nj0KP+ZJKN3o2HHyZ 5jvkiBEfayPM5Js4XvrP4Ny3mnbCV8OSWehd5Rnawoyl0ZaXufkYRDMkBJ2ABpZb UqD2cRRi7EYtrsndeJnE =9L6K -END PGP SIGNATURE- ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Updating the DNS Registration Model to Keep Pace with Today’s Internet
In message <6cb05d82ce245b4083bbf3b97e2ed47025f...@ait-pex01mbx01.win.dtu.dk>, Hugo Maxwell Connery writes: > The sad fact is that only a tiny fraction of IT professionals even understand > the importance of the NS record. > > It is the *definition* of who (what) controls a domain. > > I applaud CloudFlare in trying to improve customer service (and/or reduce cos > ts, depending on how you look at it). > > It is important that domain owners are aware of the supreme nature of the NS > record. They may choose to > hand that over for a, or many domains. Should relationships between major ho > sting/CDN providers and registrars (etc.) > be established to facilitate easier migrations of DNS operations, great. Per > haps even a standard for the process. > > But be careful. There be dragons here. Computers updating computers to cont > rol who controls the domains? Computers update computers all the time. It's about establishing the right controls. There is nothing technologically hard about giving someone the right to update just the NS records. > /Hugo Connery (Tech. Uni Denmark) > > ___ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Updating the DNS Registration Model to Keep Pace with Today’s Internet
The sad fact is that only a tiny fraction of IT professionals even understand the importance of the NS record. It is the *definition* of who (what) controls a domain. I applaud CloudFlare in trying to improve customer service (and/or reduce costs, depending on how you look at it). It is important that domain owners are aware of the supreme nature of the NS record. They may choose to hand that over for a, or many domains. Should relationships between major hosting/CDN providers and registrars (etc.) be established to facilitate easier migrations of DNS operations, great. Perhaps even a standard for the process. But be careful. There be dragons here. Computers updating computers to control who controls the domains? /Hugo Connery (Tech. Uni Denmark) ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Updating the DNS Registration Model to Keep Pace with Today’s Internet
In message , Olafur Gudmundsson writes: > > > On Feb 5, 2015, at 11:58 AM, Stephane Bortzmeyer wrote: > > > > "CloudFlare is advocating to gain the ability to update NS records for > > our customers and address records associated with them using automated > > channels. Our goal is to be able to add and remove nameservers from > > customer domains without the customer being involved." Possible work > > for this working group? > > > > https://blog.cloudflare.com/updating-the-dns-registration-model-to-keep-pac > e-with-todays-internet/ > > > > Thanks Stephane, > > Possible work in DNSOP or as this may involve registries and registers > a new single topic WG might be the way to go. > It is, almost, too too late to ask for a BoF in Dallas, but if DNSOP can spen > d some time on > this topic and what it involves that would be great. IMHO > > Olafur It's not like support for automated updates hasn't been raised before but another attempt is always useful. Mark http://tools.ietf.org/id/draft-andrews-dnsop-update-parent-zones-04.txt -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] Updating the DNS Registration Model to Keep Pace with Today’s Internet
> On Feb 5, 2015, at 11:58 AM, Stephane Bortzmeyer wrote: > > "CloudFlare is advocating to gain the ability to update NS records for > our customers and address records associated with them using automated > channels. Our goal is to be able to add and remove nameservers from > customer domains without the customer being involved." Possible work > for this working group? > > https://blog.cloudflare.com/updating-the-dns-registration-model-to-keep-pace-with-todays-internet/ > Thanks Stephane, Possible work in DNSOP or as this may involve registries and registers a new single topic WG might be the way to go. It is, almost, too too late to ask for a BoF in Dallas, but if DNSOP can spend some time on this topic and what it involves that would be great. IMHO Olafur ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
[DNSOP] Updating the DNS Registration Model to Keep Pace with Today’s Internet
"CloudFlare is advocating to gain the ability to update NS records for our customers and address records associated with them using automated channels. Our goal is to be able to add and remove nameservers from customer domains without the customer being involved." Possible work for this working group? https://blog.cloudflare.com/updating-the-dns-registration-model-to-keep-pace-with-todays-internet/ ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
