[dbound] New version of draft-deccio-dbound-organizational-domain-policy

Casey Deccio <casey@deccio.net> Mon, 04 April 2016 12:39 UTC

Return-Path: <casey@deccio.net>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB43412D5E9 for <dbound@ietfa.amsl.com>; Mon, 4 Apr 2016 05:39:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=deccio.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y85y79ed7f5M for <dbound@ietfa.amsl.com>; Mon, 4 Apr 2016 05:39:07 -0700 (PDT)
Received: from mail-lf0-x22a.google.com (mail-lf0-x22a.google.com [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5603312D509 for <dbound@ietf.org>; Mon, 4 Apr 2016 05:39:07 -0700 (PDT)
Received: by mail-lf0-x22a.google.com with SMTP id g184so94150375lfb.3 for <dbound@ietf.org>; Mon, 04 Apr 2016 05:39:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deccio.net; s=google; h=mime-version:date:message-id:subject:from:to; bh=/wS1g0R7T9aLDMhMJd9P1p5bSIooBehUwVkrcO1+p48=; b=ZM7PxgnUNsr/1s/TBs95PeeYE5hIqHu0vPCwEDAqbNCmgF/vTFaTbTLUSBp2iDQFmY E3CqvywpACGE+dtFqkJxp6y5u3upvrog3sALGm75i+faWvHeQ7Ez2ph5xLbe+YnwXFqx 6U8jAsesJ0bf82BjnsJEmT9s1Z6L2QzZYJebg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=/wS1g0R7T9aLDMhMJd9P1p5bSIooBehUwVkrcO1+p48=; b=FhRP4ciKLW7t6BjdeRQmtwWXyYEHUVDrgIl8tkHK5v/V6jMf4ByJSjNZZL1sn/G7TP SyaglQidg5bXwj4sjyczJQBeXqkhnEiAj0sdveBzVQ3rT7iTfMMbewLX4k19LzdONz5s Ar2T48013v2BE1rkh/eBIw0gQ2zvU/ew5jbpHTG8uVxou05pyzYT2WKBwzamILZFt0Hn BnVUuWmiLZPUnh3PmcOB63cM+ppZnWQtawbIZSCszbyOV7rh8kWdD251BLj3c3ChpqhW YDBnVucRr1S1rkqNjTTzasLOINnY845+soglsdCrsCCYXb51XMdLP0lA+yRt9rIfxTfo AAPA==
X-Gm-Message-State: AD7BkJJkreKDAK+nXMVmSw+6sf4agBzrDRPCH/0l0QBedXHS2ga1yVR98jKGBAGA54h6M6FSM23GkaHt1Agjxw==
MIME-Version: 1.0
X-Received: by 10.194.59.138 with SMTP id z10mr17642234wjq.74.1459773545285; Mon, 04 Apr 2016 05:39:05 -0700 (PDT)
Received: by 10.194.67.132 with HTTP; Mon, 4 Apr 2016 05:39:05 -0700 (PDT)
Date: Mon, 04 Apr 2016 08:39:05 -0400
Message-ID: <CAEKtLiTwQadBMvvX1PS_Rr6kYafPQn8wHCb94Uek-SdVRptKrQ@mail.gmail.com>
From: Casey Deccio <casey@deccio.net>
To: "dbound@ietf.org" <dbound@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b86c8c09ea7dc052fa803c0"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dbound/oMXQmnpxDS_Vt9LzFPD9zuLUwHw>
Subject: [dbound] New version of draft-deccio-dbound-organizational-domain-policy
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 12:39:10 -0000

Hi all,

A new version of draft-deccio-dbound-organizational-domain-policy has been
uploaded.

References:
----
Name:        draft-deccio-dbound-organizational-domain-policy
Revision:    02
Title:        Organizational Domains and Use Policies for Domain Names
Document date:    2016-04-04
Group:        Individual Submission
Pages:        23
URL:
https://www.ietf.org/internet-drafts/draft-deccio-dbound-organizational-domain-policy-02.txt
Status:
https://datatracker.ietf.org/doc/draft-deccio-dbound-organizational-domain-policy/
Htmlized:
https://tools.ietf.org/html/draft-deccio-dbound-organizational-domain-policy-02
Diff:
https://www.ietf.org/rfcdiff?url2=draft-deccio-dbound-organizational-domain-policy-02

Key Differences:
----
Note that the biggest change between version 01 and 02 is the elimination
of the "_odup" TLD.  Instead, policies are published from the TLD and below.

General Notes about the Approach
----
The mechanism can be thought of as "policy" delegation.  Policy begins at
the TLD.  The _odup sub-domain is used for that, e.g., _odup.com.  Until
the point at which policy is delegated, policy is below the ODUP name at
hand (e.g., _odup.com -- where "com" is referred to as the organizational
domain).  Policies are delegated either explicitly using "+org"
directives or by "relegation" using "+bound".  The former is like the use
of NS records to delegate namespace in the DNS; the latter says, "there is
a policy delegation boundary".  In either case, the result is that policy
is now handled by a new organizational domain.

The defaults were carefully considered to match existing behavior,
including cookie use, wildcard use, PSL use, etc.  One of the important
points is that a child inherits policy from its organizational domain by
default, so not every name needs a policy (i.e., it gets it already from
its parent).  But it can have its own policy, if designated.  Or it can
become its own organizational domain, if appropriate, using "+org" or
"+bound".

The PSL can be used to build ODUP policies, and ODUP names can be used to
re-construct the PSL.  This was primarily designed both for backwards
compatibility and for smooth deployment and transition.  There is code to
try this out here:

https://github.com/verisign/odup

Please review and comment.  If you have questions, please let me know.

Casey
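The following is an added illustration of the "policy delegation" walk sketched in the message above; it is not the draft's specification text nor the code in the verisign/odup repository. Everything about record layout is an assumption made for the example: policies are modelled as TXT-like strings beginning with "v=odup1", the only directives modelled are "+org" and "+bound", per-name policies inside an organizational domain live at "<labels>._odup.<org>", an organizational domain with no record gets an assumed default policy, and the nearest policy found on the walk applies to names below it. The sample records are constructed, not real DNS data. The real record format and lookup rules are in the draft.

```python
"""Simplified, in-memory model of ODUP-style policy delegation (example only).

ASSUMPTIONS (not from the draft): record syntax, the "+org"/"+bound"
semantics as modelled here, the "<labels>._odup.<org>" owner layout and
the default policy are all simplifications for illustration.
"""

DEFAULT_POLICY = "v=odup1"  # assumed default when an org domain has no record

# Constructed sample records: owner name -> policy text. Not real DNS data.
RECORDS = {
    "_odup.com": "v=odup1 +bound",            # names directly under com are their own org domains (PSL-like)
    "_odup.uk": "v=odup1 +bound",
    "_odup.co.uk": "v=odup1 +bound",          # co.uk is an org domain that bounds its children too
    "_odup.example.com": "v=odup1",           # example.com's own policy
    "www._odup.example.com": "v=odup1",       # www.example.com has a designated policy of its own
    "blog._odup.example.com": "v=odup1 +org", # blog.example.com explicitly becomes a new org domain
    "_odup.blog.example.com": "v=odup1 +bound",  # ...whose tenants are each their own org domain
}


def _has(policy, directive):
    """True if the whitespace-separated policy text carries the directive."""
    return directive in policy.split()


def org_policy(org, records):
    """Policy of an organizational domain: its _odup apex record, else the default."""
    owner = "_odup." + org
    if owner in records:
        return owner, records[owner]
    return None, DEFAULT_POLICY


def lookup(name, records=RECORDS):
    """Walk from the TLD down and return
    (organizational_domain, policy_owner, policy_text) for `name`.
    policy_owner is None when the assumed default policy applies."""
    labels = name.lower().rstrip(".").split(".")
    org = labels[-1]                      # policy begins at the TLD
    owner, policy = org_policy(org, records)
    bound = _has(policy, "+bound")        # a "+bound" marks a delegation boundary

    for i in range(len(labels) - 2, -1, -1):
        child = ".".join(labels[i:])
        if bound:
            # "relegation": the next name down becomes its own org domain
            org = child
            owner, policy = org_policy(org, records)
            bound = _has(policy, "+bound")
            continue
        rel = ".".join(labels[i:len(labels) - len(org.split("."))])
        cand = f"{rel}._odup.{org}"       # per-name policy inside the current org domain
        if cand not in records:
            continue                      # inherit: owner/policy stay as they are
        rec = records[cand]
        if _has(rec, "+org"):
            # explicit delegation, like an NS record: child is a new org domain
            org = child
            owner, policy = org_policy(org, records)
            bound = _has(policy, "+bound")
        elif _has(rec, "+bound"):
            owner, policy = cand, rec     # child keeps this org; its children will not
            bound = True
        else:
            owner, policy = cand, rec     # a designated policy, no delegation
    return org, owner, policy


if __name__ == "__main__":
    for n in ("mail.example.com", "www.example.com",
              "alice.blog.example.com", "www.example.co.uk"):
        print(n, "->", lookup(n))
```

Under these assumptions, mail.example.com inherits example.com's policy, www.example.com gets its designated record, alice.blog.example.com ends up as its own organizational domain (reached by "+org" at blog and then "+bound" below it), and www.example.co.uk resolves to the organizational domain example.co.uk with the default policy, which is the PSL-like behaviour for co.uk.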