Re: [apps-discuss] Proposed charter for DBOUND WG
"Martin J. Dürst" <duerst@it.aoyama.ac.jp> Wed, 03 December 2014 07:13 UTC
Return-Path: <duerst@it.aoyama.ac.jp>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2CB01A00B0 for <apps-discuss@ietfa.amsl.com>; Tue, 2 Dec 2014 23:13:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.199
X-Spam-Level:
X-Spam-Status: No, score=0.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o89Af5fq7TuI for <apps-discuss@ietfa.amsl.com>; Tue, 2 Dec 2014 23:13:04 -0800 (PST)
Received: from scintmta01-14.scbb.aoyama.ac.jp (scintmta01-14.scbb.aoyama.ac.jp [133.2.253.64]) by ietfa.amsl.com (Postfix) with ESMTP id 0ADA21A0092 for <apps-discuss@ietf.org>; Tue, 2 Dec 2014 23:13:04 -0800 (PST)
Received: from scmeg01-14.scbb.aoyama.ac.jp (scmse.scbb.aoyama.ac.jp [133.2.253.15]) by scintmta01-14.scbb.aoyama.ac.jp (Postfix) with ESMTP id 6F4AD32E534; Wed, 3 Dec 2014 16:12:19 +0900 (JST)
Received: from itmail2.it.aoyama.ac.jp (unknown [133.2.206.134]) by scmeg01-14.scbb.aoyama.ac.jp with smtp id 2d67_7ae8_c2d53f0f_a7db_451e_99c1_603c6a942366; Wed, 03 Dec 2014 16:12:18 +0900
Received: from [133.2.210.64] (unknown [133.2.210.64]) by itmail2.it.aoyama.ac.jp (Postfix) with ESMTP id C9EF2C0008; Wed, 3 Dec 2014 16:12:18 +0900 (JST)
Message-ID: <547EB7D1.3050607@it.aoyama.ac.jp>
Date: Wed, 03 Dec 2014 16:12:17 +0900
From: "\"Martin J. Dürst\"" <duerst@it.aoyama.ac.jp>
Organization: Aoyama Gakuin University
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: "Murray S. Kucherawy" <superuser@gmail.com>, IETF Apps Discuss <apps-discuss@ietf.org>
References: <CAL0qLwaVt+wkOLrgkgd+JPz848iWiQwyMBWWTZysRxY6fU+vaQ@mail.gmail.com>
In-Reply-To: <CAL0qLwaVt+wkOLrgkgd+JPz848iWiQwyMBWWTZysRxY6fU+vaQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/krBzDWXO8eYPkrNLID8KudAoz_Y
Cc: "www-tag@w3.org" <www-tag@w3.org>
Subject: Re: [apps-discuss] Proposed charter for DBOUND WG
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Dec 2014 07:13:06 -0000
Hello Murray, Just a few points after a quick read-through. On 2014/12/03 01:59, Murray S. Kucherawy wrote: > Colleagues, > > Below is a proposed charter for a working group we're calling DBOUND, which > is seeking to solve the problem of finding a way to identify > administrative/organizational boundaries in the domain namespace. We'd > like to get some feedback from outside the team of people that's been > working on it. > > For the sake of tracking the feedback, please reply only to > apps-discuss@ietf.org with any comments you may have. I suggest to send this also to public-ietf-w3c@w3.org (W3C/IETF coordination list) and to www-tag@w3.org (W3C TAG public list), and to get the attention of people from the WHATWG. > -MSK, APPSAWG co-chair > > dbound charter The charter is extremely long. I suggest trying to shorten it. I'm sure it's possible. > Various Internet protocols and applications require some mechanism for > determining whether two domain names are related. A popular example is > the need to determine whether example.com and foo.example.com, or > evenexample.net, are subject to the same administrative control. To > humans, > the answer to this may be obvious. However, the Domain Name System (DNS), > which is the service that handles domain name queries, does not provide > the ability to mark these sorts of relationships. This makes it > impossible to discern relationships algorithmically. For example, the > right answer is not always "compare the rightmost two labels". > > The particular issue is that applications and organizations impose > policies and procedures that create additional structure in their use of > domain names. This creates many possible relationships that are not > evident in the names themselves or in the operational, public > representation of the names. > > Prior solutions for identifying relationships between domain names > have sought to use the DNS namespace and protocol to extract that > information when it isn't actually there; the concept of an administrative > boundary is by definition not present in the DNS. Relying on the DNS to > divine administrative structure thus renders such solutions unreliable and > unnecessarily constrained. For example, confirming or dismissing a > relationship between two domain names based on the existence of a zone > cut or common ancestry is often unfounded, and the notion of an upward > "tree walk" as a search mechanism is considered unacceptable. > > For the purposes of this work, domain names are approached as identifiers > used by organizations and services, independent of underlying protocols > or mechanisms. Specifically, the work will not propose any changes to > DNS protocols except the possible creation of new resource record types > (RRTYPES). Furthermore, we define an "organizational domain" to be a > name that is at the top of an administrative hierarchy, defining transition > from one "outside" administrative authority to another that is "inside" the > organization. > > Currently, the most well known solution in existence is the Public Suffix > List (PSL). The PSL is maintained by a Web browser producer and is kept > current by volunteers on a best-effort basis. It contains a list of points > in the hierarchical namespace at which registrations take place, and is > used to identify the boundary between so-called "public" names (below which > registrations can occur) and the private names (i.e., organizational names) > below them. When this list is inaccurate, it exposes a deviation from > reality that degrades service to some and can be exploited by others. Being > the de facto resource, and lacking a more comprehensive, alternative solution > for relationship identification, the functionality of the PSL has often been > misused to accomplish means beyond its capabilities. For example, there > is no way to confirm the relationship between two domain names, only > signal that there is or is not a public boundary between the two. > Additionally, there are questions about the scalability, central management, > and third-party management of the PSL as it currently exists. > > In terms of specific use cases: Within the realm of email, there is a > desire to link an arbitrary fully-qualified domain name (FQDN) to the > organizational domain name (at some point in the namespace above it), > in order to identify a deterministic location where some sort of statement > of policy regarding that FQDN can be found. With respect to the > web, there is a similar need to identify relationships between different > FQDNs, currently accomplished by comparing ancestries. However, there > is also desire to reliably identify relationships outside of the realm > and constraints of the namespace tree. > > Previous work such as Author Domain Signing Practices (ADSP; RFC5617), and > current work such as DMARC (draft-kucherawy-dmarc-base), would certainly > benefit from having this capability. > > The DBOUND working group will develop one or more solutions to this family > of problems. If possible, a unified solution will be developed. However, > the working group may discover that the email, web, equivalence, and What is 'equivalence' here? The word isn't used elsewhere. > possibly other problems require independent solutions, in which case the > working group will follow that path. The solutions may or may not involve > changes to the DNS, such as creation of new resource record types; in any > case, all such changes will be incremental only. This looks like it conflicts with a previous sentence, namely: > Specifically, the work will not propose any changes to > DNS protocols except the possible creation of new resource record types > (RRTYPES). If you write things only once, the charter gets shorter, and there are less conflicts :-). > This working group will not seek to amend the consuming protocols themselves > (i.e., any web or mail standards) without rechartering, and only after > completion of the base work. Any such work undertaken in parallel will > eeed to be done as individual or independent submissions, or in another 'eeed' -> 'need' Regards, Martin. > working group. > > Milestones: > - TBD > > Co-chairs: > - TBD > > > > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss >
- [apps-discuss] Proposed charter for DBOUND WG Murray S. Kucherawy
- Re: [apps-discuss] Proposed charter for DBOUND WG Martin J. Dürst
- Re: [apps-discuss] Proposed charter for DBOUND WG Dave Crocker
- Re: [apps-discuss] Proposed charter for DBOUND WG Dave Cridland
- Re: [apps-discuss] Proposed charter for DBOUND WG Mark Nottingham
- Re: [apps-discuss] Proposed charter for DBOUND WG Martin J. Dürst