Re: [apps-discuss] "finding registered domains"

Patrik Fältström <paf@frobbit.se> Sun, 10 March 2013 08:09 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Patrik Fältström <paf@frobbit.se>
In-Reply-To: <20130310042250.GE33497@mx1.yitter.info>
Date: Sun, 10 Mar 2013 09:09:21 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <75239F19-93AF-40EF-A367-0E289A6D1269@frobbit.se>
References: <20130310042250.GE33497@mx1.yitter.info>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] "finding registered domains"
Precedence: list

On 10 mar 2013, at 05:22, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> In the APPSAWG meeting on Monday, the chairs have asked me to take
> five minutes on the subject: topic.  I thought I'd better send a note
> in preparation.
> 
> ICANN is in the process of awarding a little under 2000 new TLDs.
> Inspired, I believe, partly by that fact, Phill Hallam-Baker suggested
> a new DNS RRTYPE that would identify a name as a public suffix.
> Unfortunately, he fell ill and didn't have a chance to submit a draft
> on this.
> 
> I'm opposed to that particular idea, however, because I think I have
> proposed a more generic mechanism that would still work just as well
> for that use case, and also allow future refinements.  I've outlined
> that mechanism in
> http://tools.ietf.org/html/draft-sullivan-domain-origin-assert-02.

I must be tired or have not had enough coffee yet this sunday morning, but I can not really follow the text in your I-D. Not a complaint on the I-D, or the idea...

I feel two things are included in the proposal:

1. Whether for example cookies should be set on the domain name
2. Whether two (or more) domain names are within the same policy domain

I think the first is the most important issue. Similar ideas have been discussed around the "delegation only" discussions, but this is of course slightly different.

Early in the text I see:

> The idea is to foil the attempts of attackers in (for
> example) attackersite.co.tld from setting cookies for everyone in
> co.tld.

I feel that can be solved by having a resource record like this:

co.tld. IN SOPA 255

...where the value 255 implies no cookies, certificates or whatever is to be set for the owner co.tld. Other values than 255 can be allocated for other meanings.

This will be managed by either the owner of tld if there is no zone cut, or co.tld if there is a zone cut.

Maybe I am naive, but that I feel could be useful.

For the 2nd idea, to say whether two records belong to the same policy domain, hmm..., I must get more examples I think of what that is to be used for by third parties.

Maybe only the first problem should be solved (first)?

And of course, if I am completely off, just disregard this message.

   Patrik

[apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Patrik Fältström
Re: [apps-discuss] "finding registered domains" Paul Hoffman
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Patrik Fältström
Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" =JeffH
Re: [apps-discuss] "finding registered domains" J. Trent Adams
Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
Re: [apps-discuss] "finding registered domains" Hill, Brad
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
Re: [apps-discuss] "finding registered domains" John Levine
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Peter Saint-Andre
Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" J. Trent Adams
Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" MH Michael Hammer (5304)
Re: [apps-discuss] "finding registered domains" Jiankang YAO
Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
Re: [apps-discuss] "finding registered domains" John Levine
Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Hugo Salgado
Re: [apps-discuss] "finding registered domains" Behnam Esfahbod
Re: [apps-discuss] "finding registered domains" Hill, Brad
Re: [apps-discuss] "finding registered domains" Hill, Brad
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Andrew Sullivan
Re: [apps-discuss] "finding registered domains" Stephane Bortzmeyer
Re: [apps-discuss] "finding registered domains" John R Levine
Re: [apps-discuss] "finding registered domains" Stephane Bortzmeyer
Re: [apps-discuss] "finding registered domains" John R Levine