[dbound] New draft revision / IETF discussion

Casey Deccio <casey@deccio.net> Fri, 01 July 2016 20:03 UTC

From: Casey Deccio <casey@deccio.net>
Date: Fri, 1 Jul 2016 16:03:25 -0400
Message-ID: <CAEKtLiQr78m1SqKxa5xgBjt_pZUpRhzY_LheDSJgV8iGpHbcHQ@mail.gmail.com>
To: "dbound@ietf.org" <dbound@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/rRs4EghKGxaxU3AFMCDRKHBkh3w>
Subject: [dbound] New draft revision / IETF discussion

Hi all,

Revision 03 of draft-deccio-dbound-organizational-domain-policy has been

> Name:        draft-deccio-dbound-organizational-domain-policy
> Revision:    03
> Title:        Organizational Domains and Use Policies for Domain Names
> Document date:    2016-07-01
> Group:        Individual Submission
> Pages:        22
> URL:
> https://www.ietf.org/internet-drafts/draft-deccio-dbound-organizational-domain-policy-03.txt
> Status:
> https://datatracker.ietf.org/doc/draft-deccio-dbound-organizational-domain-policy/
> Htmlized:
> https://tools.ietf.org/html/draft-deccio-dbound-organizational-domain-policy-03
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-deccio-dbound-organizational-domain-policy-03

A summary of the draft is below, including changes specific to the -03
revision.  Please note the text that addresses the recent focus proposed by
the working group chairs on the mailing list.

This draft provides:
- A mechanism by which the DNS namespace domain names can be organized
hierarchically into organizational domains--independent of DNS
zone/administrative boundaries--with organizational boundaries.
Organizational boundary delineation is specified and detected in the DNS
using a special namespace convention for that purpose (using the "_odup"
label), and the protocol is specified in the draft.

- A placeholder for directives with which future policy information can be
specified.  Unlike previous revisions of the draft, which spelled out
directives, this version only spells out one (and even that one could be
removed, if desired).  This gives more focus to the organizational domain
aspect of the mechanism, which focus was proposed by the working group
chairs and generally agreed upon by the working group, on the mailing list

- Backwards compatibility with existing mechanisms--especially the Public
Suffix List.  The current mechanism can be derived from the Public Suffix
List, distributing policies among top-level domains.  Similarly, using the
+fetch directive, a Public Suffix List can be derived from policies
distributed among the top-level domains (and really from any list of
domains with policies that one might want to be consolidated into a single

- Flexibility to extend for future provisions (including additional policy
directives and cross-domain relationships).

- Performance optimizations from previous revisions.  The ODUP resolution
(lookup) mechanism has been simplified, including requiring a reduced
number of DNS queries in common cases.

Code to demonstrate the functionality of the mechanism described in this
draft is here:


Additionally, some colleagues of mine have integrated ODUP logic into
OpenDMARC (i.e., to replace the Public Suffix List lookup) and the Mozilla
Firefox cookie service as proof-of-concept functionality.  The code/setup
are not publicly available at this time, but I would be happy to demo to
interested parties.

While DBOUND is not scheduled to meet in Berlin, I would suggest we have an
informal get-together.  Certainly addressing the chairs' recent request
about working focus would be an order of discussion.  Additionally, I would
be interested in describing the current state of this draft and how the
mechanism can be used to address DBOUND-related problems.