Re: [apps-discuss] "finding registered domains"
Phillip Hallam-Baker <hallam@gmail.com> Tue, 12 March 2013 19:51 UTC
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] "finding registered domains"

I was not there for John's comments but from what I gather of them second hand I completely disagree.

It does not matter what the DNS was designed to do twenty years ago. That is a debate for historians. What the DNS was intended to be has never been the same as what people used it for or found value in.

The fact that people use the DNS in ways that were not anticipated by the designers is not a bug, not something to be corrected. How the users of the Internet use the DNS is all that matters now. Telling people that they don't want to do what they are trying to do is silly and insulting.

There is an implicit administrative hierarchy in DNS. There is a real world distinction between DNS delegations that are private and those that are public. The applications layer of the Internet has built on those assumptions for the past twenty years.

What would be a mistake is to propose the use of any infrastructure that is not DNS to publish authoritative statements about DNS names. That would be a violation of the Internet architecture. Please, no more talk about WEIRDS or whatever other protocol someone might see a chance to find a use case for.

I do not need the full capabilities expressed in Andrew's draft. In fact I only need two statements, both of which could be specified in a new DNS RR or if we don't want to add new RRs we could even use the existing CAA record and express them as properties.

The properties I need to be able to express in a domain are:

PUBLIC - This domain is a public delegation point
PRIVATE - This domain is not a public delegation point
EXCLUDED - This domain is excluded from the enclosing private space.

So taking the example of ai.mit.edu we would have:

edu PUBLIC
mit.edu PRIVATE
ai.mit.edu EXCLUDED

edu is a public delegation point. Anyone with a school can get a domain.

mit.edu has domains registered below it but it is not a public delegation point. You have to be affiliated to MIT to get a domain. There is an accountability infrastructure in place.

ai.mit.edu was a sub domain but one that always had a separate network administration which might mean that it was appropriate for it to be declared as being separate from the rest of the *.mit.edu space so that cross site issues were avoided in both directions.

Note that all the above information are simple statements of fact that the administrators of the domain might make. Interpretation of those statements is a completely different matter. The mere fact that a domain has an assertion in the DNS at issue time does not mean that I am automatically going to rely on it when issuing certificates. We crawl the web constantly. If the information being published now is inconsistent with the information published consistently for the past 4 years, that may require a closer look.

I would expect that the information proposed would be used to inform the compilation of 'public prefix lists' but those are going to remain a curated resource. Publication in DNS is not ideal but a lot better than an open access wiki (see error 81).

We have in the next 12 months an opportunity to tell ICANN that we would like the winners of the new TLDs to publish records declaring the public delegation points. This has essentially zero cost to ICANN but allows the maintenance of public prefix lists to scale in the wake of the TLD expansion.

All that is necessary to make that happen is to provide a clear and simple specification for those TLD operators to deploy. If we miss that window it will be a lot harder.

When I started this note I was thinking that re-use of CAA was a bit of a hack. But considering the fact that the division between public and private was one of the main design issues we ended up having problems with, it actually looks like a pretty clean fit to me right now.
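
Added example (not part of the original message, and not code from its author): one way a relying application could read the three assertions above to decide whether two names share an administrative scope. The ASSERTIONS table stands in for DNS answers and is constructed from the message's ai.mit.edu example; the function names and the resolution rule (nearest PRIVATE or EXCLUDED ancestor wins, otherwise the name directly below the nearest PUBLIC point) are assumptions.

```python
# Added illustration: a consumer-side reading of PUBLIC / PRIVATE / EXCLUDED.
# The table is constructed sample data standing in for published DNS records.
PUBLIC, PRIVATE, EXCLUDED = "PUBLIC", "PRIVATE", "EXCLUDED"

ASSERTIONS = {
    "edu": PUBLIC,          # public delegation point
    "mit.edu": PRIVATE,     # one administrative space
    "ai.mit.edu": EXCLUDED, # carved out of the enclosing private space
}

def normalize(name):
    """Lower-case the name and drop a trailing root dot."""
    return name.rstrip(".").lower()

def ancestors(name):
    """Yield the name itself, then each parent, most specific first."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def admin_scope(name, assertions=ASSERTIONS):
    """Return the domain treated as the administrative scope of `name`.

    Assumed rule: the nearest ancestor marked PRIVATE or EXCLUDED is the
    scope; if a PUBLIC point is reached first, the scope is the name
    directly below it. Returns None for a public point itself or when no
    assertion covers the name, so callers fail closed on missing data.
    """
    previous = None
    for candidate in ancestors(name):
        prop = assertions.get(candidate)
        if prop in (PRIVATE, EXCLUDED):
            return candidate
        if prop == PUBLIC:
            return previous
        previous = candidate
    return None

def same_admin_scope(a, b, assertions=ASSERTIONS):
    """True only when both names resolve to the same known scope."""
    scope_a = admin_scope(a, assertions)
    scope_b = admin_scope(b, assertions)
    return scope_a is not None and scope_a == scope_b
```

Because an unknown scope never matches anything, a name with no published assertion is treated as sharing a scope with nothing, which is the conservative default for cross-site decisions.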