Re: [dnsext] Name equivalence: Another no protocol change solution
Alex Bligh <alex@alex.org.uk> Mon, 13 September 2010 14:00 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F04863A69DD; Mon, 13 Sep 2010 07:00:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[AWL=1.734, BAYES_00=-2.599, GB_I_LETTER=-2, J_CHICKENPOX_55=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wC+MQmQ2bFT3; Mon, 13 Sep 2010 07:00:39 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id DC8C33A696B; Mon, 13 Sep 2010 07:00:38 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1Ov9XF-0002oL-9r for namedroppers-data0@psg.com; Mon, 13 Sep 2010 13:57:29 +0000
Received: from mail.avalus.com ([89.16.176.221]) by psg.com with esmtp (Exim 4.72 (FreeBSD)) (envelope-from <alex@alex.org.uk>) id 1Ov9XB-0002nn-PH for namedroppers@ops.ietf.org; Mon, 13 Sep 2010 13:57:26 +0000
Received: from [192.168.100.15] (87-194-71-186.bethere.co.uk [87.194.71.186]) by mail.avalus.com (Postfix) with ESMTPSA id 65012C56960; Mon, 13 Sep 2010 14:57:23 +0100 (BST)
Date: Mon, 13 Sep 2010 14:57:22 +0100
From: Alex Bligh <alex@alex.org.uk>
Reply-To: Alex Bligh <alex@alex.org.uk>
To: Niall O'Reilly <Niall.oReilly@ucd.ie>
cc: namedroppers@ops.ietf.org, Alex Bligh <alex@alex.org.uk>
Subject: Re: [dnsext] Name equivalence: Another no protocol change solution
Message-ID: <952FA12530B5693E36B03554@Ximines.local>
In-Reply-To: <4C8E266D.3070702@ucd.ie>
References: <C0F55485EA77FDF78E9B0398@Ximines.local> <4C8E266D.3070702@ucd.ie>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
Niall, --On 13 September 2010 14:26:05 +0100 Niall O'Reilly <Niall.oReilly@ucd.ie> wrote: > On 09/09/10 17:30, Alex Bligh wrote: >> The problem to me seems to be divided into (at least) two: >> >> 1. Apparent pseudo-regulatory requirement to ensure TLDs operate with >> recursive sameness. This is making TLD1 == TLD2. >> >> 2. Requirement within a TLD for some sort of equivalence (possibly not >> recursive) but notably not driven by a third party's perceived >> requirements. This is making foo.TLD == bar.TLD. >> >> Problem 1 can, it seems to me, be solved by DNAME. DNAME only doesn't >> do the job when there is a record at the apex, because DNAME+CNAME >> can't coexist. Few if any TLDs have records at their apexes. >> >> Problem 2 cannot in general be solved by DNAME (DNAME+CNAME problem), >> as foo.tld may well exist. This can, however, in general be solved >> by provisioning algorithms. > > Alex, > > Are you assuming either > (a) that cascaded sameness requirements won't arise. or If by cascaded sameness you mean what I defined as recursive sameness, I am assuming it only arises for TLD sameness, or more accurately for problem statement 1. This is handled by DNAME as far as I can tell. No one has (I think) given a requirement for recursive sameness for problem statement 2, and indeed it is often a disadvantage. > (b) that the multiplicity (cardinality?) of a "sameness > bundle" will always be small? Well, there is more than one type of multiplicity. If we are talking about label multiplicity, i.e. a1.b1.c1.d1 and an.bn.cn.dn are equivalent for all values of n, thus creating an O(n^k) problem, then DNAME solves this to the extent it is used. As for (2) my current view is that at the application layer you already have an O(n^k) problem, so we are not, at least, making things much worse than at the application layer. I suppose yes, I am assuming that in scenario 2, the range of n is small. If we are talking about problem types similar to what I understand the Greek tonos problem to be, we have a high "cardinality" within the label, so using case of letter to indicate sameness we need abcabcabc ABCABCABC abcABCabc AbCaBcAbC (etc.) all to be the same. No solution I've yet seen apart from synthesis based solutions (which could be added to 2) fix this as DNS's smallest unit of lookup is the label rather than the constituent parts thereof. So what I propose is no worse than any of the non-synthesis based protocol solutions, and anyone wanting to add synthesis (plus online signing) can do so orthogonally to what I propose. -- Alex Bligh
- [dnsext] Name equivalence: Another no protocol ch… Alex Bligh
- Re: [dnsext] Name equivalence: Another no protoco… Niall O'Reilly
- Re: [dnsext] Name equivalence: Another no protoco… Alex Bligh
- Re: [dnsext] Name equivalence: Another no protoco… Niall O'Reilly
- Re: [dnsext] Name equivalence: Another no protoco… Alex Bligh
- Re: [dnsext] Name equivalence: Another no protoco… Niall O'Reilly
- Re: [dnsext] Name equivalence: Another no protoco… Alex Bligh
- Re: [dnsext] Name equivalence: Another no protoco… Niall O'Reilly
- Re: [dnsext] Name equivalence: Another no protoco… Alex Bligh
- Re: [dnsext] Name equivalence: Another no protoco… Niall O'Reilly
- Re: [dnsext] Name equivalence: Another no protoco… Alex Bligh
- Re: [dnsext] Name equivalence: Another no protoco… Niall O'Reilly