Re: [Dbound] Draft problem statement and IETF "bar BoF"
Casey Deccio <casey@deccio.net> Tue, 04 November 2014 19:57 UTC
Return-Path: <casey@deccio.net>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 660421A701D for <dbound@ietfa.amsl.com>; Tue, 4 Nov 2014 11:57:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.778
X-Spam-Level:
X-Spam-Status: No, score=-0.778 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_37=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PjEibE7t2yHd for <dbound@ietfa.amsl.com>; Tue, 4 Nov 2014 11:57:30 -0800 (PST)
Received: from mail-ie0-x229.google.com (mail-ie0-x229.google.com [IPv6:2607:f8b0:4001:c03::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 917341A7013 for <dbound@ietf.org>; Tue, 4 Nov 2014 11:57:30 -0800 (PST)
Received: by mail-ie0-f169.google.com with SMTP id tr6so8338479ieb.0 for <dbound@ietf.org>; Tue, 04 Nov 2014 11:57:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deccio.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=28CRQ3DKQiuEOJkTWqFHCDrj0o438l80WJiJPW7tqxU=; b=L+VzUodU/fTgbKHvrBos/b3FQnmI1PedQK5Rk+Qr+ss8Xeu71yTRX7pB8il68VsPuj jpOrIlQ4fLyyFluj+vjqg0vzcTNhIwE1Qlk+Aek1xsGgg9swcIwklXL9oZ5UjmztSMko fNabn5Vz/E1gWmZ7YfFsfhzjjcF04GeLsB8SM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=28CRQ3DKQiuEOJkTWqFHCDrj0o438l80WJiJPW7tqxU=; b=KQ5gycZyk3vKu1VHBjtrJ25vHAhyKE/pqbmbFDx/nmInW++yMvTeg2Ta9Qz33fDECK beNqTWKrQQT+YUbJrM3KZquLehMt7D7IAG9KyDMdnAPBbpQ+1IN8Az6VgvMFduhIpnpH Z8og8SoGPipHMspyQ9IKVJilmz5iN3CiB8j6Ls9SjX29caH0RgD7UbKERzyJy4QeTNCV k07ZLuVhNdw1sSP3TN7XmhLbn8/d43qwiM7zGrfZPabEnCRubjErpdKb1D5/ye66tnk7 bjhRcaUVZlplaI5NxffYAhWV2NRLEaA94Ox/7LtiEFC3lSOOHnnpbn9ic94Tz5NZ0u+j k7ow==
X-Gm-Message-State: ALoCoQnM67fZgl/FPbtKqIBXteX7A2E7PlXLya5PDe/dCw9C5Smqt4cDdO4SE5ReV5kuAmqnjusR
MIME-Version: 1.0
X-Received: by 10.42.236.205 with SMTP id kl13mr119287icb.7.1415131049628; Tue, 04 Nov 2014 11:57:29 -0800 (PST)
Received: by 10.50.251.178 with HTTP; Tue, 4 Nov 2014 11:57:29 -0800 (PST)
In-Reply-To: <54591324.3040803@mozilla.org>
References: <CAEKtLiSxWgt2NV2r1aYcLJLJqLcVS1-+u+cOFrnaH6Mph98SzA@mail.gmail.com> <54591324.3040803@mozilla.org>
Date: Tue, 04 Nov 2014 14:57:29 -0500
Message-ID: <CAEKtLiTZziXQfFryHBn6=4+cGwbKyFFtk87Bv53mOM34Np3SRw@mail.gmail.com>
From: Casey Deccio <casey@deccio.net>
To: Gervase Markham <gerv@mozilla.org>
Content-Type: multipart/alternative; boundary="20cf302920fa8629cb05070ddf40"
Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/22pMjPtL1046qky-fdH_pkxV7M4
Cc: "dbound@ietf.org" <dbound@ietf.org>
Subject: Re: [Dbound] Draft problem statement and IETF "bar BoF"
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 19:57:33 -0000
Hi Gerv, Thanks for the feedback. On Tue, Nov 4, 2014 at 12:55 PM, Gervase Markham <gerv@mozilla.org> wrote: > On 04/11/14 15:42, Casey Deccio wrote: > > Please find attached a draft DBOUND problem statement, resulting from > > the action items taken at the bar BoF in Toronto on the same subject. > > Please take a read and comment on the document. There is probably a > > better format for this, but it's a start for now... > > Here are some comments: > > * Your "Contrived PSL Entries" table is a little sub-optimal, in that > one would never see those first two entries in the same PSL. > > example: example is public > *.example: All children of example are public > > The goal was for a simple demonstration of how it works, with minimal entries, but I can understand how the non-matching entry makes this a less effective example. I'll make some changes. Thanks for the feedback. Of course, future modifications make some of the remarks below moot, but just to be sure we're on the same page... > The first of these rules suggests that foo.example is private, the > second that it is public Well, technically the first rule only indicates the example is public. Whether or not foo.example is effectively private depends on the complete algorithm, not the stand-alone entry, correct? > Your Table 2 is therefore wrong, because the > PSL algorithm states that the longest matching rule applies, and so > foo.example is public, not private (by the second rule). > https://publicsuffix.org/list/ has the algorithm. > But there is a wildcard exception !foo.example (the third line), and the algorithm explicitly gives precedence to exceptions. Doesn't that mean the third entry (!foo.example) wins? In fact, I see this example on the public suffix site: ----- *.tokyo.jp !metro.tokyo.jp Cookies *may* be set for foo.bar.tokyo.jp. Cookies *may not* be set for bar.tokyo.jp. Cookies *may* be set for metro.tokyo.jp, because the exception overrides the previous rule. ----- I read this more generically as: ----- *.tokyo.jp !metro.tokyo.jp foo.bar.tokyo.jp is private bar.tokyo.jp is public metro.tokyo.jp is private ----- Isn't that the same as the following? ----- *.example !foo.example baz.bar.example is private bar.example is public foo.example is private ----- > Perhaps the rules are intended to stand as 3 standalone examples, but > that's not clear from the presentation. > I'll make the examples more clear. Thanks for the suggestions. > > * "When an SSL certificate is for a wildcard domain, the entire range of > names covered by the wildcard needs to be under the same control." > > It's not as simple as that. Google is allowed a cert for *.blogspot.com, > but by your definitions, foo.blogspot.com and bar.blogspot.com are not > under the same control. This is why the PSL is split into two sections - > "ICANN DOMAINS" and "PRIVATE DOMAINS". (Naming is hard.) > > In the document I've defined the terms more generically. If I understand correctly, "ICANN DOMAINS" translates to what are referred to in the document as "public domains in unbroken public scope", and "PRIVATE DOMAINS" translates to names "under islands of private scope" (referred to in the third paragraph of Section 3 and opening paragraph of Section 4). In the former case, each name in the ancestry is of public scope through the public boundary in question. In the latter case, there are one or more names of private scope prior to the public boundary in question. There are probably shorter/better terms for this. > I think that this issue, which is separate from the one in the paragraph > immediately above it, needs a little more elaboration. > > In the document I think you're suggesting that I note that (at least in the case of the SSL wildcard) the different types of public domains might be treated differently. > * The PSL was originally concieved by Mozilla community members, but is > positioned as a project for the benefit of the whole internet. The fact > that the canonical copy lives in the Firefox source code is an accident > of history, and something we are trying to change: > https://bugzilla.mozilla.org/show_bug.cgi?id=991749 > > And I think the list a great contribution. Thanks! Thanks also for the pointer to the bug reports. I was unaware of the efforts. > * "The issue of determining relationships between domains that are > lineally connected (i.e., one is an ancestor of another) and within the > same public/private scope is not addressed by the PSL" > > Actually, I think it is. If a fictional PSL had: > > example > foo.bar.example > > Then you would have example being public, bar.example being private, and > foo.bar.example being public. Or is that not what the quoted sentence is > saying? > The sentence is a bit cryptic. But what it means is the following. Given the following two domains, both "private" as far as PSL processing is concerned: sub.foo.example foo.example Are the two "related"? The PSL cannot tell us. It can only tell us (assuming entries are correct) that there is no public/private boundary between them. Casey
- [Dbound] Draft problem statement and IETF "bar Bo… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Gervase Markham
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Gervase Markham
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… John R Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… John R Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Suzanne Woolf
- Re: [Dbound] Draft problem statement and IETF "ba… Jothan Frakes
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Rubens Kuhl
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Suzanne Woolf
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Suzanne Woolf
- Re: [Dbound] Draft problem statement and IETF "ba… =JeffH
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Dave Crocker
- Re: [Dbound] Draft problem statement and IETF "ba… Kurt Andersen
- Re: [Dbound] Draft problem statement and IETF "ba… Gervase Markham
- Re: [Dbound] Draft problem statement and IETF "ba… Kurt Andersen
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio