IETF Logo Mail Archive

Re: [dbound] Suggestion for Prague: let's try to converge on problem(s)

Casey Deccio <casey@deccio.net> Wed, 17 June 2015 18:48 UTC

Return-Path: <casey@deccio.net>
X-Original-To: dbound@ietfa.amsl.com
Delivered-To: dbound@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A6E41A86F5 for <dbound@ietfa.amsl.com>; Wed, 17 Jun 2015 11:48:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.521
X-Spam-Level:
X-Spam-Status: No, score=0.521 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u3vXxsq4dBAu for <dbound@ietfa.amsl.com>; Wed, 17 Jun 2015 11:48:17 -0700 (PDT)
Received: from mail-ie0-x22c.google.com (mail-ie0-x22c.google.com [IPv6:2607:f8b0:4001:c03::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3ED51A00CD for <dbound@ietf.org>; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
Received: by iecrd14 with SMTP id rd14so40044371iec.3 for <dbound@ietf.org>; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=deccio.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mnW1GEg/3/yrOSFz4i9teqxvflCKMdiW/fbQwtweAGc=; b=iaq2U6jXF7ntPa/B6UO6reH1jlfusCtikg1yuNjLciTSUQhthhdPid9zkXcEs0SKsW if9Axu1BQf/yiEo3sB+9MgWbTuEEUFkgSpLDPVagbMS/XSqOY/KbbTG/fMWARRUSXz2G UaOuUwoVeE6v6qYC5iLY5xEe/daSDSREr1Vl4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=mnW1GEg/3/yrOSFz4i9teqxvflCKMdiW/fbQwtweAGc=; b=G+GHVdxfai5XavKd7vdevGY4dhTuC8mddgJIQMtHx2fKO1h+Q2rZ69eEnC7HgPTs5b BXK6OAfzOXMokvgiZWKJh8TrG89ap2qWg5H7f+M+fvIejoSl0ruIIYnE3cUq+gFgrACZ tZOPDKca8cKgWwsJ8YQ53/6mdRFkW5kCk9C5rFy2Z7G+eVBVPWAfUYHTPVKbqyzA/6FI l9lhX0zdnpCDEfHMpbEMXpaBvtrDwhjhDKrIZUuzzs8uSbiLQl5Z0EbASA4l1TMJpNFL CSJqXyUaANLMVnYhWdBLMKuNl/LRsiXiNjPCIeGzVRxfcDv3btXmdZQty2gFGUCR8Hwj e/HQ==
X-Gm-Message-State: ALoCoQlLRX1algwUAYGp8qrr+Dk/eHXNt59EQUE9tfBhpf+pIkqMIzxfqbSfrAshi6bhOTi3BykQ
MIME-Version: 1.0
X-Received: by 10.50.78.170 with SMTP id c10mr13098366igx.0.1434566885275; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
Received: by 10.50.178.162 with HTTP; Wed, 17 Jun 2015 11:48:05 -0700 (PDT)
In-Reply-To: <20150617153104.GD16823@anvilwalrusden.com>
References: <20150617153104.GD16823@anvilwalrusden.com>
Date: Wed, 17 Jun 2015 14:48:05 -0400
Message-ID: <CAEKtLiR-mDzCQnk46DGNp4A-hSpUtzmtt-aEzEd45XtE8VC-fA@mail.gmail.com>
From: Casey Deccio <casey@deccio.net>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Content-Type: multipart/alternative; boundary="089e0122e6889a95d60518bb2125"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dbound/tDvZ6ag5tSF-5xDxW8991ZP0jmc>
Cc: "dbound@ietf.org" <dbound@ietf.org>
Subject: Re: [dbound] Suggestion for Prague: let's try to converge on problem(s)
X-BeenThere: dbound@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS tree bounds <dbound.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dbound>, <mailto:dbound-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dbound/>
List-Post: <mailto:dbound@ietf.org>
List-Help: <mailto:dbound-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dbound>, <mailto:dbound-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2015 18:48:20 -0000

Hi Andrew,

Well said and proposed.

Some additional comments inline.

On Wed, Jun 17, 2015 at 11:31 AM, Andrew Sullivan <ajs@anvilwalrusden.com>
wrote:

> In my reading, draft-deccio-domain-name-relationships-00 starts with a
> deep, fundamental division between "public" and (for want of a better
> term) "private" domain names.  I think it starts there because the
> authors genuinely believe that the distinction is a fundamental one.
> In my opinion, that stance reifies a distinction that is implicit to
> the way the PSL has always worked into a distinction that is part of
> the world.
>

Part of my reasoning for writing this draft is that I believe that the
fundamental division between (currently called) public and private names,
brought to light by the PSL, is a great asset in solving this problem.
Understanding that division--and properly defining it--can help with
identifying solution(s).  That is not to say that the PSL is 100% accurate
in implementing this distinction, nor is the PSL sufficient for determining
policies.  I am well aware of that.  However, I argue that a line can be
drawn through the breadth of the DNS namespace tree, above which names are
not to be associated with names below, as far as policy relationships are
concerned--even if those names above and below the line are administered by
the same entity.  If such is not true, then the line needs to be moved up
until it is.

Solutions have been proposed to more generally associate names for policy.
Something of that nature is probably necessary.  However, the proposals
I've read thus far come with considerable complexity and high risk of
"getting it wrong".  It's not to say that they wouldn't work, and perhaps
they can be improved within the working group to lower that risk.  But the
point of the boundary I'm referring to (and implemented, to some extent, by
the PSL) is to cover many (most?) cases by simply identifying this boundary
where the names in question are in relation to that boundary.  If something
cannot be determined with this boundary, other, more specific mechanisms,
can be used to supplement.  If someone doesn't want to use this boundary at
all, then they simply move the line up, effectively making it
"opt-in/opt-out".

In other words, while the PSL concept is incomplete, there is a lot of good
in it, and the ideas can exist even alongside other DBOUND solutions, to
provide "sufficient" means for domain name policy, where other complexity
is neither additionally useful nor desired.


> By the same token, the important relationship between (for example)
> co.uk and uk is not that they're both public, but the way the policy
> relationship between those domains works (and how it might evolve over
> time).
>

This all depends on what you want to know about them.  But I would argue
that for many (most?) cases the fact that they're both public is
"sufficient".


> My view is that this means we need a way to express these kinds of
> relationships, but that one thing we _must_ be able to capture (or
> perhaps emulate) the public/private distinction that is implicit in
> the PSL now.
>
> Part of the reason I keep harping on this is because, if we're merely
> going to produce a new way to express the same public/private
> distinction we have now, there will be poor incentives to use or
> deploy the new protocol.  It imposes some costs, and if you don't get
> anything better than the mechanism you already have then the
> additional work will never be worth it.
>

I'll reiterate here, that while draft-deccio-domain-name-relationships-00
discusses public/private boundaries, neither the draft nor I am encouraging
a solution that merely produces a new way to express the same
public/private distinction--only that the distinction can be used to lift
the complexity burden of other, more heavy-handed solutions, so dismissing
the current paradigm entirely in order to get it "right" with one silver
bullet solution is probably not the right way to go.

Cheers,
Casey

v2.23.0 | Report a Bug | By Email