Re: [apps-discuss] "finding registered domains"
Phillip Hallam-Baker <hallam@gmail.com> Wed, 13 March 2013 17:20 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8674A21F8C82 for <apps-discuss@ietfa.amsl.com>; Wed, 13 Mar 2013 10:20:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.149
X-Spam-Level:
X-Spam-Status: No, score=-3.149 tagged_above=-999 required=5 tests=[AWL=0.450, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X88nVTbnKOKU for <apps-discuss@ietfa.amsl.com>; Wed, 13 Mar 2013 10:20:44 -0700 (PDT)
Received: from mail-wg0-f46.google.com (mail-wg0-f46.google.com [74.125.82.46]) by ietfa.amsl.com (Postfix) with ESMTP id 3AE3B21F8507 for <apps-discuss@ietf.org>; Wed, 13 Mar 2013 10:20:44 -0700 (PDT)
Received: by mail-wg0-f46.google.com with SMTP id fg15so1172560wgb.1 for <apps-discuss@ietf.org>; Wed, 13 Mar 2013 10:20:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=dZuhjHJS8+lQC00mCe+IUZiQixjKmnZbpKl3al7TJLM=; b=w6sJ1UmNjBfC0fnNn8aiiP3AjLXj6HxUc3b/mrqGy2HpJbeZAMLHxPgbhoor5QbLHF OtKYe7jTYWL8bhisjK+S3jBrfpruacLX5QxhLUq+huqA/6aPbEQ3rDX+jaH0yc5QnrPo 4w4S4qYZ8ZPHxVPAc9a8J9prg8EibqMj47gx8sF0v4YLqEn626PtQeFsQbVsHdb0I2j9 oIZhNAmPpK0e/iM7ykHLdfTzWa+2SKnPhLkdU5SwVVQbG2TgmD/60J33FXXCgps/4kcg 5I7P8LZPhd8kQCKQm1v8Fxdg2l9pjWgAQr6/7cwcGbNh/4aN3kd+DOEOmWFXdgFXQ4ey 4wyg==
MIME-Version: 1.0
X-Received: by 10.180.74.131 with SMTP id t3mr28337143wiv.26.1363195243177; Wed, 13 Mar 2013 10:20:43 -0700 (PDT)
Received: by 10.194.11.71 with HTTP; Wed, 13 Mar 2013 10:20:42 -0700 (PDT)
In-Reply-To: <20130313144321.37307.qmail@joyce.lan>
References: <83AFF07DE0F646C0860A0631F973E9D1@LENOVO47E041CF> <20130313144321.37307.qmail@joyce.lan>
Date: Wed, 13 Mar 2013 13:20:42 -0400
Message-ID: <CAMm+LwizGFr7RgtUFGjtJufRywtf0AJsVYO19TiwoN-SzJgyfA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: John Levine <johnl@taugh.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] "finding registered domains"
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 17:20:46 -0000
On Wed, Mar 13, 2013 at 10:43 AM, John Levine <johnl@taugh.com> wrote: >>I am still not very clear about what the problem is and what the possilbe solution is. >> >> Could you kindly summarize it in one or two sentences ? > > I agree that use cases would help a lot. The ones I'm aware of are: +1 The presentation of the information in DNS terms is trivial. The whole problem is knowing what information to present and why. > * Web cookies: limit how high up the DNS tree a site can promote its cookies. Also prevent cookie sharing across subtrees, especially to reduce cross site contamination issues when some parts of a tree are outsourced. HTTP is not the only protocol with cookies. There are application level cookies as well. Rule 81 applies here and probably provides grounds for a corollary. So if I outsource management of my shopping cart to a payment processor and my Web site to a cheap hosting service I probably don't want cookies set on one to be visible on the other. My view is that anything more complex than defining a domain subtree as a distinct administrative region from all others is going to be too complex to implement securely. > * DMARC and other mail authentication: find policy documents for a > domain given one of its subdomains > > * SSL/TLS certificates: prevent certificate issue for names at or above public > delegation points Actually VeriSign would be perfectly entitled to obtain an SSL certificate off a public root for .com What would be *BAD* would be *.com The use made of the public suffix list is rather more however. If someone is applying for a.b.c.d.e.f.g.h.i.example.com it probably does not have an email server on it. It might even be an appliance that does not have SMTP capability. Sending an email to check ownership of the domain is not going to work. The email would have to go to admin@example.com. Regardless of what the DNS mythology claims, the DNS administrator of example.com has complete control over the subtree beneath it. That is how the DNS is designed. If the owner of a.b.c.d.e.f.g.h.i.example.com wants independence from example.com they have only one route and that is to buy a domain of their own. So while there are other applications where you might want to treat different parts of the subtree as independent administrative domains (ai.mit.edu might not want to share cookies with lcs.mit.edu) that is not the case for CAs. > * Variants: state that two parallel names are under the same management (has > issues different from the previous three) That would be an interesting and useful problem but I really don't want to commit to going down that rathole. That looks to me like something that might suggest that we need to think about an extensible approach. > R's, > John > _______________________________________________ > apps-discuss mailing list > apps-discuss@ietf.org > https://www.ietf.org/mailman/listinfo/apps-discuss -- Website: http://hallambaker.com/
- [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Patrik Fältström
- Re: [apps-discuss] "finding registered domains" Paul Hoffman
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Patrik Fältström
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" =JeffH
- Re: [apps-discuss] "finding registered domains" J. Trent Adams
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Hill, Brad
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" John Levine
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Peter Saint-Andre
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" J. Trent Adams
- Re: [apps-discuss] "finding registered domains" Murray S. Kucherawy
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" MH Michael Hammer (5304)
- Re: [apps-discuss] "finding registered domains" Jiankang YAO
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" John Levine
- Re: [apps-discuss] "finding registered domains" Phillip Hallam-Baker
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Hugo Salgado
- Re: [apps-discuss] "finding registered domains" Behnam Esfahbod
- Re: [apps-discuss] "finding registered domains" Hill, Brad
- Re: [apps-discuss] "finding registered domains" Hill, Brad
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Andrew Sullivan
- Re: [apps-discuss] "finding registered domains" Stephane Bortzmeyer
- Re: [apps-discuss] "finding registered domains" John R Levine
- Re: [apps-discuss] "finding registered domains" Stephane Bortzmeyer
- Re: [apps-discuss] "finding registered domains" John R Levine