IETF Logo Mail Archive

Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasing-requirements-00.txt

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 28 February 2011 15:02 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 444133A69FB for <dnsext@core3.amsl.com>; Mon, 28 Feb 2011 07:02:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.483
X-Spam-Level:
X-Spam-Status: No, score=-101.483 tagged_above=-999 required=5 tests=[AWL=0.563, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ly9wXbwI6+ow for <dnsext@core3.amsl.com>; Mon, 28 Feb 2011 07:02:29 -0800 (PST)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 7D9873A6947 for <dnsext@ietf.org>; Mon, 28 Feb 2011 07:02:29 -0800 (PST)
Received: from MacBook-08.local (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p1SF2DiP076676 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <dnsext@ietf.org>; Mon, 28 Feb 2011 08:02:14 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Message-ID: <4D6BB8F5.7000505@vpnc.org>
Date: Mon, 28 Feb 2011 07:02:13 -0800
From: Paul Hoffman <paul.hoffman@vpnc.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: dnsext@ietf.org
References: <20110223001502.31614.56353.idtracker@localhost> <20110223114720.GA10740@bikeshed.isc.org> <D3C451913423BA973D633EC1@Ximines.local> <20110228084859.GA6668@nic.fr> <694623190672302366251A5F@nimrod.local>
In-Reply-To: <694623190672302366251A5F@nimrod.local>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasing-requirements-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2011 15:02:30 -0000

On 2/28/11 1:26 AM, Alex Bligh wrote:
>
>
> --On 28 February 2011 09:48:59 +0100 Stephane Bortzmeyer
> <bortzmeyer@nic.fr> wrote:
>
>>> > technology; it can be done, and is done today, entirely with
>>> > provisioning logic and registry policy.
>>>
>>> +AB: Note this isn't only a registry solution. It could be done by
>>> +AB: users too (e.g. through a zonefile preprocessor that was
>>> +AB: run prior to signing of the zone).
>>
>> A registry can be at any level. See the IDN RFCs which use the word
>> "registry" for "anything that manage a zone, whether the zone is .com
>> or foobar.momandpop.example".
>
> I'm not sure that's the natural meaning of the term, nor that
> that's how the draft uses it, e.g. from Section 5 in the I-D
>
>> In
>> addition, as described briefly above, registry operators have a great
>> many techniques for applying policy to what names can be registered,
>
> but if we going to use "registry" to mean "zone manager", we should
> say so. Otherwise, we should just say "zone manager" where it's
> applicable to more than registries (meaning ones allowing third
> party registrations).
>

There may be a difference between registries and zone managers, but it 
is not in the protocol. A registry has some interface with (normally) 
humans to receive information about the creation of new zones and the 
DNS-applicable data for existing zones; registries are also expected to 
do authorization and authentication of those (normally) humans. Zone 
managers only deal with zone data, (normally) given to them by the 
registry for the zones being administered.

Normally, there isn't a distinction between the two entities, but in the 
case of this document, there is. It is the registry that would be 
responsible for determining the aliases for a zone and enumerating them 
to the zone administrator. The zone administrator simply does the right 
technical bits to make all the aliases work. In many cases, the two 
roles will be the same for aliasing, but for many cases, they will be 
completely different organizations.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email