Re: [apps-discuss] "finding registered domains"
Andrew Sullivan <ajs@anvilwalrusden.com> Tue, 12 March 2013 20:19 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DD7E11E80F3 for <apps-discuss@ietfa.amsl.com>; Tue, 12 Mar 2013 13:19:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.518
X-Spam-Level:
X-Spam-Status: No, score=-0.518 tagged_above=-999 required=5 tests=[AWL=-0.278, BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311, J_CHICKENPOX_38=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id asi5qPieB3fx for <apps-discuss@ietfa.amsl.com>; Tue, 12 Mar 2013 13:19:37 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id B967B11E80E3 for <apps-discuss@ietf.org>; Tue, 12 Mar 2013 13:19:37 -0700 (PDT)
Received: from mx1.yitter.info (dhcp-2430.meeting.ietf.org [130.129.36.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id 354788A031 for <apps-discuss@ietf.org>; Tue, 12 Mar 2013 20:19:37 +0000 (UTC)
Date: Tue, 12 Mar 2013 16:19:15 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: apps-discuss@ietf.org
Message-ID: <20130312201915.GD41728@mx1.yitter.info>
References: <20130310042250.GE33497@mx1.yitter.info> <370C9BEB4DD6154FA963E2F79ADC6F2E2795D464@DEN-EXDDA-S12.corp.ebay.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <370C9BEB4DD6154FA963E2F79ADC6F2E2795D464@DEN-EXDDA-S12.corp.ebay.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [apps-discuss] "finding registered domains"
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 20:19:38 -0000
Brad, Thanks for your comments. Some more questions inline below. On Tue, Mar 12, 2013 at 02:23:18PM +0000, Hill, Brad wrote: > 2) I prefer the names-only version. I think the protocol / port issue is an unnecessary complication. Everyone seems to think that, and I'm relieved, so if there's another draft I'll remove that. > 3) I think if this is going to live in the DNS, it should respect > the structure of, and say things about, the DNS, rather than > describing a distinct and arbitrary overlay topology of > administrative trust relationships. Just to be careful here, no matter _what_ we do, we are describing an arbitrary overlay topology of administrative trust relationships. That is necessarily true, because the relationships that currently exist in the DNS are DNS-topological only. People are _used_ to the idea that names are related to one another in particular ways, and as a cultural fact that is mostly true; but in the not very distant past, it wasn't, and there's reason to suppose it might not obtain in the near future. > i) highly dynamic data that downstream consumers of a cached data set (web browsers) are not prepared to handle > ii) a very large amount of data that downstream consumers of a cached data set are not prepared to handle This issue had, I have to confess, never even occurred to me. You're quite right, however, that the design of the mechanism tends to encourage a default position of "don't trust, no need to look up," but the design of the cross-tree declaration will tend to encourage a large number of queries that are not broadly applicable and that will therefore not be very good cache candidates. For practical purposes, therefore, I'd be tempted to say that, in any SOPA record, the owner name must be related to the name in the RDATA as either an ancestor or a descendent (with the root label still being the special case of "not here"; of course, every name is related to the root label). > 4) I am also concerned with mixing the state of siblings as to > whether they share an administrative relationship with the parent or > not. Whether the depth in the DNS hierarchy is a "real" thing or > not, it has been treated as such and been a part of the web security > model for almost 20 years. The "walk towards the root until you > find a boundary, and all siblings are equal" procedures apply not > just for setting cookies, but to core JavaScript and therefore the > Same Origin Policy through a feature known as "domain lowering". I take very seriously the argument that there is an existing and widely-deployed model. I note, however, that the widely-deployed model is about to be thrown out anyway, regardless of how we feel about it. For a significant number of the new TLDs are so-called ".brand" TLDs, and I'm pretty sure that the operators of .megacorp are going to want to be able to set shared cookies in www.megacorp and product1.megacorp and so on. It seems to me, however, that we might need a way to make this sort of behaviour the default. The wildcard trick was intended to make that easy, but I'm not perfectly sure it will. Best, A -- Andrew Sullivan ajs@anvilwalrusden.com
- [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Patrik Fältström
- Re: [apps-discuss] "finding registered domains" Paul Hoffman
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Patrik Fältström
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" =JeffH
- Re: [apps-discuss] "finding registered domains" J. Trent Adams
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Hill, Brad
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" John Levine
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Peter Saint-Andre
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" J. Trent Adams
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" MH Michael Hammer (5304)
- Re: [apps-discuss] "finding registered domains" Jiankang YAO
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" John Levine
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Hugo Salgado
- Re: [apps-discuss] "finding registered domains" Behnam Esfahbod
- Re: [apps-discuss] "finding registered domains" Hill, Brad
- Re: [apps-discuss] "finding registered domains" Hill, Brad
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Stephane Bortzmeyer
- Re: [apps-discuss] "finding registered domains" John R Levine
- Re: [apps-discuss] "finding registered domains" Stephane Bortzmeyer
- Re: [apps-discuss] "finding registered domains" John R Levine