affiliated domains: DNS Administrative Boundaries from =JeffH on 2017-11-06 (public-webappsec@w3.org from November 2017)

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Mon, 6 Nov 2017 14:33:39 -0800
To: W3C WebAppSec WG <public-webappsec@w3.org>
Message-ID: <e84432ec-4b57-c6be-d3ee-9e2be54384f6@KingsMountain.com>

wrt affiliated domains, there has been thought on the problem over the 
past few years.

For example, here is the problem statement draft from the (stillborn, 
unfortunately) IETF DBound working group:

   DBOUND: DNS Administrative Boundaries Problem Statement
   https://tools.ietf.org/html/draft-sullivan-dbound-problem-statement


Additionally, Andrew Sullivan and I propose this resolution approach:

   Asserting DNS Administrative Boundaries Within DNS Zones
   https://tools.ietf.org/html/draft-sullivan-domain-policy-authority


The DBound working group folded (IMHO) due to gridlock, lack of a 
dedicated champion(s) to consistently drive the process, and lack of 
browser vendor interest. Essentially, this is a tough, 
subtle-but-important problem which does not have to be solved _today_. 
I.e., the present approach is "good enough (for now)". However, this 
problem  may be becoming more immediately salient?

HTH,

=JeffH

Received on Monday, 6 November 2017 22:34:21 UTC