[dd] DBOUND scope
Ben Schwartz <bemasc@meta.com> Tue, 19 March 2024 02:54 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dd/EfA2j6Wo3COPpkFsVe-iplGw13A>
List-Id: DNS Delegation <dd.ietf.org>

I saw a few concerns in Zulip today about whether the DBOUND-like work is addressable by any technical solution. I think it is. Additionally, I think:

* We should use DELEG to solve it.
* We should ensure that DELEG is specified so that it can be used for this (e.g. supporting SvcParams in AliasMode.)
* We should keep this solution out of scope for the charter, because it's a complex topic and requires some additional protocol elements beyond DELEG.

Here's an example: Some browsers today show only the "registrable domain" in the title bar, to minimize user confusion. This is sometimes the second-level domain, but not always (e.g. for co.uk). There are also some other contexts in which the "registrable domain" is a valuable concept (e.g. rate limits for PKI certificate issuance, like Let's Encrypt [1]).

A DELEG flag meaning "this delegation is from a registry" would be useful to help clients identify the "registrable domain". For browser use, this would require some additional protocol work, to accumulate relevant DELEG metadata and pass it back to the stub in EDNS.

It's true that further delegations down the tree could set the "registry" flag disingenuously. That's not a problem: the client is only interested in the "topmost registrable domain", and would ignore any indications from further down the tree.

There are certainly significant challenges here, such as convincing registry and resolver operators to implement this system, but the technical function could address the relevant problem.

--Ben

[1] https://letsencrypt.org/docs/rate-limits/#:~:text=The%20main%20limit%20is%20Certificates%20per%20Registered%20Domain%20(50%20per%20week).
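
The "topmost registrable domain" rule from the message above, sketched as an added example; it is not part of the original post and not code from any DELEG draft. It assumes the accumulated DELEG metadata is available as a map from delegated zone name to a hypothetical boolean "registry" flag, and that root-to-TLD delegations in the constructed sample data do not carry the flag.

```python
# Constructed sample data: delegation points seen while resolving, keyed by the
# delegated (child) zone. The boolean is the hypothetical "registry" flag the
# message proposes; no such flag is defined in a DELEG specification.
SAMPLE_DELEGATIONS = {
    "uk.": False,                  # assumption: root -> TLD carries no flag
    "example.co.uk.": True,        # delegated to a registrant by the registry
    "evil.example.co.uk.": True,   # flag set disingenuously further down
    "com.": False,
    "example.com.": True,
    "internal.test.": False,       # ordinary delegation, no flag anywhere
}


def ancestors_top_down(name):
    """Return the name and its ancestors as FQDNs, shortest first.

    "www.example.co.uk" -> ["uk.", "co.uk.", "example.co.uk.", ...]
    """
    labels = name.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]


def registrable_domain(name, delegations):
    """Walk from the TLD downward and stop at the first flagged delegation.

    Flags on deeper delegations are never consulted, so a registrant setting
    the flag on its own child zones cannot move the boundary. Returns None
    when no delegation on the path carries the flag.
    """
    for zone in ancestors_top_down(name):
        if delegations.get(zone, False):
            return zone
    return None


if __name__ == "__main__":
    for host in ("www.example.co.uk", "login.evil.example.co.uk",
                 "a.b.example.com", "host.internal.test"):
        print(host, "->", registrable_domain(host, SAMPLE_DELEGATIONS))
```
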