Re: [apps-discuss] CONTEXTJ in TLD DNS-Labels (draft-liman-tld-names-05)

John C Klensin <john-ietf@jck.com> Tue, 19 July 2011 17:53 UTC

Date: Tue, 19 Jul 2011 13:53:44 -0400
From: John C Klensin <john-ietf@jck.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, Patrik Fältström <patrik@frobbit.se>

--On Tuesday, July 19, 2011 07:55 -0700 Paul Hoffman
<paul.hoffman@vpnc.org> wrote:

>...
>>> 2. If ZWNJ is claimed to cause confusion and phishing
>>> problems beyond what is normally acceptable for other
>>>  symbols, it is up to the claimants to demonstrate this
>>>  claim.
>> 
>> Actually, no.
>...

> I am going to push back here, hard. The draft is about names
> used in exactly one zone, and that zone has exactly one
> administrator. Your statement about "_any_ context" is
> inappropriate for this draft.

That zone is also the root.   While asking narrow questions
about the "can you put something in and get it back out"
performance of the DNS produces a different answer, any
considerations of actually being able to use the DNS to navigate
the Internet do make the root particularly important and
different.  In particular, while one can imagine blacklisting an
entire TLD because of bad policies or bad behavior, the only way
to do that to the root is to find, organize, or configure an
alternate root.

> As a zone administrator considers what it can safely put in
> its zone, it follows policies. Most zone administrators in the
> world have no policies whatsoever, and thus the IETF should
> make it less likely that they will do something dangerous.
> However, that is not a concern for this zone administrator.
> They have policies up the wazoo and literally hundreds
> (probably thousands) of people helping make those policies and
> being sure they are implemented.

Hmm.  I don't know if you have been following the activities of
that particular zone administrator, but, its policies are
rarely, if ever, enforced.  In particular, top-level domains
(root entries) that have been created with restrictions on use
who have then decided to eliminate those restrictions have, as
far as I know without exception, been permitted to make those
changes.   The problem is especially severe with any TLD that
can claim linkage to a government because claims are made of
national sovereignty and the impossibility of applying or
enforcing any policy the zone administration doesn't like.

> So, for this draft, restrictions that are being made because
> that one administrator might make an unnoticed mistake are
> harmful. It is fine to give advice about security and
> stability; in fact, Patrik is already doing this in his role
> on SSAC. This draft, however, is exactly the wrong place to
> make statements that apply to any zone other than the one in
> the title.

Just to keep this in context, note that these restrictions are
not new or unique to the current zone administrator.  They are
relaxations of restrictions that go back well over 20 years.

     john