Re: [dbound] Suggestion for Prague: let's try to converge on problem(s)
Casey Deccio <casey@deccio.net> Wed, 17 June 2015 18:48 UTC
Return-Path: <casey@deccio.net>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A6E41A86F5 for <dbound@ietfa.amsl.com>; Wed, 17 Jun 2015 11:48:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.521
X-Spam-Level:
X-Spam-Status: No, score=0.521 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u3vXxsq4dBAu for <dbound@ietfa.amsl.com>; Wed, 17 Jun 2015 11:48:17 -0700 (PDT)
Received: from mail-ie0-x22c.google.com (mail-ie0-x22c.google.com [IPv6:2607:f8b0:4001:c03::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3ED51A00CD for <dbound@ietf.org>; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
Received: by iecrd14 with SMTP id rd14so40044371iec.3 for <dbound@ietf.org>; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deccio.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mnW1GEg/3/yrOSFz4i9teqxvflCKMdiW/fbQwtweAGc=; b=iaq2U6jXF7ntPa/B6UO6reH1jlfusCtikg1yuNjLciTSUQhthhdPid9zkXcEs0SKsW if9Axu1BQf/yiEo3sB+9MgWbTuEEUFkgSpLDPVagbMS/XSqOY/KbbTG/fMWARRUSXz2G UaOuUwoVeE6v6qYC5iLY5xEe/daSDSREr1Vl4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=mnW1GEg/3/yrOSFz4i9teqxvflCKMdiW/fbQwtweAGc=; b=G+GHVdxfai5XavKd7vdevGY4dhTuC8mddgJIQMtHx2fKO1h+Q2rZ69eEnC7HgPTs5b BXK6OAfzOXMokvgiZWKJh8TrG89ap2qWg5H7f+M+fvIejoSl0ruIIYnE3cUq+gFgrACZ tZOPDKca8cKgWwsJ8YQ53/6mdRFkW5kCk9C5rFy2Z7G+eVBVPWAfUYHTPVKbqyzA/6FI l9lhX0zdnpCDEfHMpbEMXpaBvtrDwhjhDKrIZUuzzs8uSbiLQl5Z0EbASA4l1TMJpNFL CSJqXyUaANLMVnYhWdBLMKuNl/LRsiXiNjPCIeGzVRxfcDv3btXmdZQty2gFGUCR8Hwj e/HQ==
X-Gm-Message-State: ALoCoQlLRX1algwUAYGp8qrr+Dk/eHXNt59EQUE9tfBhpf+pIkqMIzxfqbSfrAshi6bhOTi3BykQ
MIME-Version: 1.0
X-Received: by 10.50.78.170 with SMTP id c10mr13098366igx.0.1434566885275; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
Received: by 10.50.178.162 with HTTP; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
In-Reply-To: <20150617153104.GD16823@anvilwalrusden.com>
References: <20150617153104.GD16823@anvilwalrusden.com>
Date: Wed, 17 Jun 2015 14:48:05 -0400
Message-ID: <CAEKtLiR-mDzCQnk46DGNp4A-hSpUtzmtt-aEzEd45XtE8VC-fA@mail.gmail.com>
From: Casey Deccio <casey@deccio.net>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Content-Type: multipart/alternative; boundary="089e0122e6889a95d60518bb2125"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dbound/tDvZ6ag5tSF-5xDxW8991ZP0jmc>
Cc: "dbound@ietf.org" <dbound@ietf.org>
Subject: Re: [dbound] Suggestion for Prague: let's try to converge on problem(s)
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2015 18:48:20 -0000
Hi Andrew, Well said and proposed. Some additional comments inline. On Wed, Jun 17, 2015 at 11:31 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote: > In my reading, draft-deccio-domain-name-relationships-00 starts with a > deep, fundamental division between "public" and (for want of a better > term) "private" domain names. I think it starts there because the > authors genuinely believe that the distinction is a fundamental one. > In my opinion, that stance reifies a distinction that is implicit to > the way the PSL has always worked into a distinction that is part of > the world. > Part of my reasoning for writing this draft is that I believe that the fundamental division between (currently called) public and private names, brought to light by the PSL, is a great asset in solving this problem. Understanding that division--and properly defining it--can help with identifying solution(s). That is not to say that the PSL is 100% accurate in implementing this distinction, nor is the PSL sufficient for determining policies. I am well aware of that. However, I argue that a line can be drawn through the breadth of the DNS namespace tree, above which names are not to be associated with names below, as far as policy relationships are concerned--even if those names above and below the line are administered by the same entity. If such is not true, then the line needs to be moved up until it is. Solutions have been proposed to more generally associate names for policy. Something of that nature is probably necessary. However, the proposals I've read thus far come with considerable complexity and high risk of "getting it wrong". It's not to say that they wouldn't work, and perhaps they can be improved within the working group to lower that risk. But the point of the boundary I'm referring to (and implemented, to some extent, by the PSL) is to cover many (most?) cases by simply identifying this boundary where the names in question are in relation to that boundary. If something cannot be determined with this boundary, other, more specific mechanisms, can be used to supplement. If someone doesn't want to use this boundary at all, then they simply move the line up, effectively making it "opt-in/opt-out". In other words, while the PSL concept is incomplete, there is a lot of good in it, and the ideas can exist even alongside other DBOUND solutions, to provide "sufficient" means for domain name policy, where other complexity is neither additionally useful nor desired. > By the same token, the important relationship between (for example) > co.uk and uk is not that they're both public, but the way the policy > relationship between those domains works (and how it might evolve over > time). > This all depends on what you want to know about them. But I would argue that for many (most?) cases the fact that they're both public is "sufficient". > My view is that this means we need a way to express these kinds of > relationships, but that one thing we _must_ be able to capture (or > perhaps emulate) the public/private distinction that is implicit in > the PSL now. > > Part of the reason I keep harping on this is because, if we're merely > going to produce a new way to express the same public/private > distinction we have now, there will be poor incentives to use or > deploy the new protocol. It imposes some costs, and if you don't get > anything better than the mechanism you already have then the > additional work will never be worth it. > I'll reiterate here, that while draft-deccio-domain-name-relationships-00 discusses public/private boundaries, neither the draft nor I am encouraging a solution that merely produces a new way to express the same public/private distinction--only that the distinction can be used to lift the complexity burden of other, more heavy-handed solutions, so dismissing the current paradigm entirely in order to get it "right" with one silver bullet solution is probably not the right way to go. Cheers, Casey
- [dbound] Suggestion for Prague: let's try to conv… Andrew Sullivan
- Re: [dbound] Suggestion for Prague: let's try to … John Levine
- Re: [dbound] Suggestion for Prague: let's try to … Gervase Markham
- Re: [dbound] Suggestion for Prague: let's try to … Casey Deccio
- Re: [dbound] Suggestion for Prague: let's try to … Andrew Sullivan
- Re: [dbound] Suggestion for Prague: let's try to … Jothan Frakes
- Re: [dbound] Suggestion for Prague: let's try to … Casey Deccio
- Re: [dbound] Suggestion for Prague: let's try to … John Levine
- Re: [dbound] Suggestion for Prague: let's try to … Casey Deccio