Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

Phillip Hallam-Baker <hallam@gmail.com> Tue, 22 February 2011 14:34 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: Vaggelis Segredakis <segred@ics.forth.gr>
Cc: dnsext@ietf.org

I think the big problem here is the failure to accept the fact that the
problem as stated is ambiguous and, interpreted literally, is nonsense.


If we have two trees, x.y.z.a and x.y.z.b, what does it mean for them both to be
'the same'?

Do we mean the same from an application point of view or from a DNS layer
point of view?


Solving the problem from the application point of view is easy. We just
invent a new pointer that aware applications can interpret. Non-aware
applications will not.

Making the two trees 'the same' at a DNS level appears to me to be nonsense.
It is only possible for the DNSSEC signature to be for one of them. So they
are not going to be exactly the same; one must inevitably be the canonical
form.


This particular issue seems to arise from certain political objectives, the
futility of which has been amply demonstrated in the past few weeks.
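
The following is an added example, not part of the original message. It builds the byte string that an RRSIG covers for an A RRset (RFC 4034, section 3.1.8.1) and shows that the owner name is part of the signed data, so the only name equivalence the signature tolerates is ASCII case folding. The zone apexes `z.a` and `z.b`, the addresses, the validity timestamps and the key tag are constructed assumptions, and a SHA-256 digest stands in for the actual signature operation.

```python
import hashlib
import ipaddress
import struct

TYPE_A, CLASS_IN, ALG_RSASHA256 = 1, 1, 8

def wire_name(name: str) -> bytes:
    """Canonical name: lowercased, length-prefixed labels, root label last."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def signed_data(owner: str, signer: str, addrs, ttl: int = 3600) -> bytes:
    """Bytes an RRSIG over an A RRset covers: RRSIG RDATA (minus signature) + RRs."""
    labels = len(owner.rstrip(".").split("."))
    # Constructed expiration, inception and key tag, identical for every call.
    rrsig_rdata = struct.pack("!HBBIIIH", TYPE_A, ALG_RSASHA256, labels, ttl,
                              1300000000, 1298000000, 12345) + wire_name(signer)
    # RRs are ordered by RDATA; each one repeats the canonical owner name.
    rdatas = sorted(ipaddress.IPv4Address(a).packed for a in addrs)
    rrset = b"".join(
        wire_name(owner) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(r)) + r
        for r in rdatas)
    return rrsig_rdata + rrset

def digest(owner: str, signer: str, addrs) -> str:
    """Stand-in for signing: hash of the data the signature would cover."""
    return hashlib.sha256(signed_data(owner, signer, addrs)).hexdigest()

ADDRS = ["192.0.2.10", "192.0.2.11"]  # constructed sample records

if __name__ == "__main__":
    cases = [("x.y.z.a", "z.a"), ("X.Y.Z.A", "z.a"),
             ("x.y.z.b", "z.b"), ("x.y.z.b", "z.a")]
    for owner, signer in cases:
        print(f"{owner:8} signer={signer:4} {digest(owner, signer, ADDRS)[:16]}")
```

The first two rows print the same digest; the rows for x.y.z.b differ from them even when the signer name and every other field are held fixed, because the owner name itself is signed.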