Re: [Dbound] Draft problem statement and IETF "bar BoF"
Casey Deccio <casey@deccio.net> Tue, 04 November 2014 21:18 UTC
Return-Path: <casey@deccio.net>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 994231ACF7F for <dbound@ietfa.amsl.com>; Tue, 4 Nov 2014 13:18:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5c8R2imSE_qZ for <dbound@ietfa.amsl.com>; Tue, 4 Nov 2014 13:18:05 -0800 (PST)
Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E03981ACF6C for <dbound@ietf.org>; Tue, 4 Nov 2014 13:18:04 -0800 (PST)
Received: by mail-ie0-f173.google.com with SMTP id tr6so8437297ieb.32 for <dbound@ietf.org>; Tue, 04 Nov 2014 13:18:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deccio.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=dcGMxn+XPCt6X2d1xbjvb4k2HsYB+228iRqo+U/QcVQ=; b=VCXoEVHkZAv/L94vWCzu6awyfKWuwB6DApOw3Pf5tg2wTyNz5q6b9oNVm92ckvabnq M0jE1AgIb9UCC82mxHoQLs2dQJGw3Ov01KTGn0TrkNqGt8tM/ZaL12WpoWcsNvgvNAfN /ZT5yeHqYM9ZGnPGK95AJG5XeFXQ7Gd4V69LI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=dcGMxn+XPCt6X2d1xbjvb4k2HsYB+228iRqo+U/QcVQ=; b=HD3Gto+RR8XE22udVm+D5HD5bxZzCth415Pq2YaQQdex4DTZQQ6vfwxJhiYbs17n3S EgZk1T06fXuTLxsy4n6vve8kPwBJ1ahCVETl4DCo3MiRsd9dw92TD6ydLJ+LWtORV3et H/Y7yVoFI6UL/BryeP7iYnrHngqk/dNyvIVh9R7rxUO849XGsby8JM2NXks2kngN+YrY tBz/p2COfH6Ou4ADGvdkov6cPY5Fr+AF2hLvxZYgwsaG3Mf5yFYlEXlcoaHp62WtmjCD +vPoCR+2BTuUnrvoliBymBgR/SU1wmkPHFbPtHoZ47wzL9i+bf8UkrOadi2lGv929T6j uZfQ==
X-Gm-Message-State: ALoCoQk/jJ+7kz+6BaUQXl5QjMLB0wr+6pGRQ2I2MO0CxDbasjuc4xe0w8BvKkHeTCUyeXTvO9ip
MIME-Version: 1.0
X-Received: by 10.107.46.29 with SMTP id i29mr861147ioo.73.1415135883951; Tue, 04 Nov 2014 13:18:03 -0800 (PST)
Received: by 10.50.251.178 with HTTP; Tue, 4 Nov 2014 13:18:03 -0800 (PST)
In-Reply-To: <D07E8E77.5405%edward.lewis@icann.org>
References: <CAEKtLiSxWgt2NV2r1aYcLJLJqLcVS1-+u+cOFrnaH6Mph98SzA@mail.gmail.com> <D07E8E77.5405%edward.lewis@icann.org>
Date: Tue, 04 Nov 2014 16:18:03 -0500
Message-ID: <CAEKtLiSJ2admBwMcoQum4LHjTQr252S9+XrJbhOkGLNkS-Q4wg@mail.gmail.com>
From: Casey Deccio <casey@deccio.net>
To: Edward Lewis <edward.lewis@icann.org>
Content-Type: multipart/alternative; boundary="001a113703b4ac180b05070eff80"
Archived-At: http://mailarchive.ietf.org/arch/msg/dbound/b-G3Lp9aPH4CjC_MNrI3c_yfcAE
Cc: "dbound@ietf.org" <dbound@ietf.org>
Subject: Re: [Dbound] Draft problem statement and IETF "bar BoF"
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 21:18:07 -0000
Hi Ed, On Tue, Nov 4, 2014 at 2:47 PM, Edward Lewis <edward.lewis@icann.org> wrote: > Thanks for writing this up. Now for the complaints. ;) > > :) > You lost me at the first sentence of 1.1.1. (Saying that more > dramatically than I mean to.) > > I don’t have a complete response to the paper. In the spirit that > provoking thoughts is better than not at this point, here are some: > > Fragment 1 > > I once believed that domain names were “dot-separated alphanumeric words” > but learned otherwise while working on the so-labeled clarifications on > wild cards. In order to being to understand how the DNS organism is > architected, one has to view this as a tree. And, ironically as I deal > increasingly with non-ASCII identifiers, there’s no dot "on the wire.” > (The root zone isn’t ‘.’, it’s a zero-valued byte.) > Good point. The introduction in this document was to provide consistent terminology sufficient to derive a model for understanding relationships between domain names. There is no talk of wire format, nor is there a need to go into those semantics, as this is all about namespace. The representation in this document is dot-separated labels. :) > > In section 1.1.2 an overly simplified view is given. Not all domains fit > neatly into the public and private bucket. Some top-level-domains are not > delegation only. > > For clarity, are you saying that for a single domain being public and private are not mutually exclusive, or are you saying that top-level domains are not all public? I agree with the latter statement, and I'm glad to offer more clarity in the document if it is misleading in this regard. > From these two comments my mind leads instantly into recommending that > this paper attempt to describe the problem from two very different > viewpoints. > > From the “system-to-be-messed-with” viewpoint, the nature of the DNS data > model as being first based on a tree structure must be respected as well > as a clear description of the management model based on the units of > zones. The DNS protocol permits management of resource record sets, > domain (nodes) as well as zones but does not permit management of a domain > (subtree). (By the latter, I mean that DNS does not manage ‘across' a > zone cut.) > This is a valid point. In this document I deliberately left zone cuts out of the definitions. The focus was on the problem of associating namespaces, independent of zones. Zone cut identification might be one of the solutions considered, but even public/private boundaries need not map consistently with zone cuts (in either direction), so the problem is about namespace. > From the “people-having-a-problem-to-solve” viewpoint, which you get to in > 1.1.3 and 1.1.4, I prefer replacing “related” with “equivalent” for a > specific purpose. (I’ve said that before, no need to belabor it now.) > For one, you talk about a parent/child relationship but there’s really no > such thing as that. A parent delegates the child, the child knows nothing > about it’s parent - there’s no “relationship” as far as the DNS protocol > is concerned. > Yes - but let's be clear that I'm establishing terminology for discussion of namespace (not DNS protocol) for the purposes of this document. > > Without giving this much thought, cross-domain relationships have been > historically significant, more so in operations than in the protocol. The > co-mingling of dotCom and dotNet bear this out. > > I’m concerned about the problem set-up because, your chances of solving > the problem are better if you’ve properly set up the problem. > Agreed. > > Fragment 2 > > What’s missing from the PSL is a discussion of the registry behind the > PSL. Looking strictly at the list of entries and concluding we just need > to make that work better is like saying a domain name registry is just a > DNS operator. I.e., how can you trust that the entries are legitimate? > I can't tell if this is a general comment or something specific to the document. The problem statement document is not intended to assess the content of the PSL--except to indicate the application of the model described in previous sections in the paper (e.g., third paragraph of section 3). The intent of the document is to define the problem and identify existing solutions. I make no conclusions. The question about the effectiveness of the PSL is partially addressed with the second bullet under "problem statement" in section 4. > Fragment 3 > > This is not related directly to the document, but comes from “Centralized > vs. Distributed…” One of the issues to think of is - how do we avoid > shared fate when we are looking for a new angle? I.e., the DNS > distribution model is great for doing just what the PSL wants, but placing > the PSL into the DNS is not helping. Grossly arguing this way - if we > expect someone to try to register a child and use it to fool people using > the parent, what’s to stop the child from giving out fraudulent > information? (This is a handwaving argument for why > what-ever-replaces-PSL should have some kind of separation from the DNS.) > > On the one hand, following the DNS tree is the best way to track who knows > where the boundaries are. On the other hand, that’s just the DNS > perspective talking. And with only one source working here, we aren’t > making corrupting the system any harder than doing nothing at all. > > (I’m assuming that all of this is rooted in a security concern related to > the authorization of some information to be applied/accessed/etc. > Therefore, the talk about corrupting, fooling, fraudulent...) > > The scope of the problem statement is just that--a statement of the problem. These are valid considerations for solutions to the problem, once the problem has been identified and defined. > Fragment 4 > > It’s possible that here are multiple goals here, with a common theme not > clearly defined. I see a desire to express the policies for a zone (not a > domain) from the registry to a relying party. This is one use case, not > the only, but one use case. This is also expressed in a DNS viewpoint. > > The relying party applications I can’t speak as well for. > > Fragment 5 > > I’m concerned about the mention of the gTLDs as being either “too much > detail” or “not enough detail.” The “new class” of TLDs is only special > in two respects - the rapidity that they appear and that they share a set > of operating principles. If by grouping them you default to grouping > ccTLDs and legacy gTLDs, you haven’t made a useful categorization. Until > we know what criteria we will use to divide the top-level domains, we > should hold off on this. > > It is admittedly brief and can be fleshed out, if it needs clarity. The intent was not to give a discourse on the new gTLDs or to make a grouping or categorization, but simply recognize that as gTLDs: 1) they fall into the "unbroken public scope from the TLD" category and thus are pertinent to the discussion of the problem (and solutions, including the PSL); 2) the total number of gTLDs has (and will continue to) increased dramatically with the delegation of the new gTLDs; and 3) their policies vary, just as with previous gTLDs. There are thus open questions of both complexity and scalability that should be considered as the problem is defined and solutions identified. Cheers, Casey
- [Dbound] Draft problem statement and IETF "bar Bo… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Gervase Markham
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Gervase Markham
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… John R Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… John R Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Suzanne Woolf
- Re: [Dbound] Draft problem statement and IETF "ba… Jothan Frakes
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… Rubens Kuhl
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Andrew Sullivan
- Re: [Dbound] Draft problem statement and IETF "ba… Suzanne Woolf
- Re: [Dbound] Draft problem statement and IETF "ba… Jeffrey Walton
- Re: [Dbound] Draft problem statement and IETF "ba… John Levine
- Re: [Dbound] Draft problem statement and IETF "ba… Suzanne Woolf
- Re: [Dbound] Draft problem statement and IETF "ba… =JeffH
- Re: [Dbound] Draft problem statement and IETF "ba… Edward Lewis
- Re: [Dbound] Draft problem statement and IETF "ba… Dave Crocker
- Re: [Dbound] Draft problem statement and IETF "ba… Kurt Andersen
- Re: [Dbound] Draft problem statement and IETF "ba… Gervase Markham
- Re: [Dbound] Draft problem statement and IETF "ba… Kurt Andersen
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio
- Re: [Dbound] Draft problem statement and IETF "ba… Casey Deccio