Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasing-requirements-00.txt
Phillip Hallam-Baker <hallam@gmail.com> Tue, 01 March 2011 16:07 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8DFD53A6996 for <dnsext@core3.amsl.com>; Tue, 1 Mar 2011 08:07:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.422
X-Spam-Level:
X-Spam-Status: No, score=-3.422 tagged_above=-999 required=5 tests=[AWL=-0.123, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0k5AjzkoNpY5 for <dnsext@core3.amsl.com>; Tue, 1 Mar 2011 08:07:36 -0800 (PST)
Received: from mail-bw0-f44.google.com (mail-bw0-f44.google.com [209.85.214.44]) by core3.amsl.com (Postfix) with ESMTP id D9DBE3A6992 for <dnsext@ietf.org>; Tue, 1 Mar 2011 08:07:35 -0800 (PST)
Received: by bwz13 with SMTP id 13so5449846bwz.31 for <dnsext@ietf.org>; Tue, 01 Mar 2011 08:08:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=L6qiTmSpEehVHxpmDz0G0I5axgzkM/tC7AZzNgVFOSU=; b=SqRdMuDGM6gZBOzLflDqzVMx3/nFBogPKvhZu52kKctCxw6yXBfSYd8p+7AMrW6Fgq B0vwbfbVumQDXPML5bujdw0j7ubnAYR0luxr8ZtAOWccEZlgHl+CBHTbdSDdvBT/u/Zs paR14OsdGfA5sHGTAySf0l6+MiIlFdJkbHU+w=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=i5Lu9zPQeqAvYTVEixM92ojF2pD8rMy5DcQ4g4x7ZFku0zao3zxjwIUmBc+aYT0ys9 srGFjZOFaiH5edTRpsOea47AkX7JZo00FOqkCoIZVOcwnZZds2hkFVoaLQ9YV4Q2xfBu xS250MljMbsO2VaJVqAKePSysc0ZxBx2Eemz0=
MIME-Version: 1.0
Received: by 10.204.48.77 with SMTP id q13mr2517775bkf.128.1298995718259; Tue, 01 Mar 2011 08:08:38 -0800 (PST)
Received: by 10.204.14.139 with HTTP; Tue, 1 Mar 2011 08:08:38 -0800 (PST)
In-Reply-To: <335963D7-3440-45E6-843C-38F419462792@cisco.com>
References: <20110227191542.6824.qmail@joyce.lan> <335963D7-3440-45E6-843C-38F419462792@cisco.com>
Date: Tue, 01 Mar 2011 11:08:38 -0500
Message-ID: <AANLkTi=4VuWBJ1i87xMkFj=Q59=0Q0aOLsxrSqRLf61s@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Patrik Fältström <paf@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasing-requirements-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2011 16:07:37 -0000
2011/2/27 Patrik Fältström <paf@cisco.com>: > 2. Support of more application layer aliases > > 2.1. In HTTP and a few other protocols, we have the ability to do a redirect inside the application layer protocol itself. We do not have that in all protocols. In other we have things like the MX records. Do we with IDN etc need more of these, and do we need a mechanism in DNS that "help" such redirect in a "lower" layer in the resolution algorithm? > > 2.2. When using HTTP HOST header, and SSL where the DN of the cert is matched with the domain name used, it is kind of problematic to match the application layer with what originally was entered by the user. Is there some need for DNS layer aliases that changes what later is matched in the application layer comparisons? I would say not. The legacy HTTP protocol requires that the name presented in the Host header be the name that is present in the URL. There is no provision for rewriting as far as I am aware. Let us imagine we want a mapping a.com = b.com and the name a.com is presented. There are two design choices: 1) The client performs the rewrite. The best way to achieve this in my view would be to present a Host header for b.com and add in a new header to tell the server that the original origin was a.com This is compatible with legacy servers but not legacy clients. 2) The Server performs the rewrite. This is really hard to achieve as it requires the server to know that the mapping even exists. Typically a server is responding to hundreds of domains. Even large production servers do this. If a server receives a request for a.com it has no means of knowing that it 'should' map that to b.com unless the DNS configuration is somehow mapped to the Web administration. This is quite straightforward to handle administratively when the mapping is www.b.com to b.com because the source and target are in the same administrative zone. But this is not going to work if the mapping is being controlled by a TLD. 3) Don't support the aliasing requirement. 'nuff said. Note that in both cases the administrative model is only practical if there is a mapping of one name to another. It is futile to attempt to make the names 'the same' without nominating a canonical form. The legacy of Web servers is far more complex and difficult to change than legacy user applications. Web services are a different matter. Writing a Web browser is rather complex and there is a pretty high bar. There is very little demand for Web browsers that are not as good as Firefox or Chrome or IE or Safari or Opera (that is not an exhaustive list but most other browsers out there have a lot of common code with the above) There is a huge demand for Web servers that are smaller and lighter than Apache. To give you an idea of just how embedded these web servers are, you can get an ethernet socket that looks just like a regular socket but interfaces to an RS232/422 port and has a Web server and TCP/IP stack built into the plug. It is a cheap way to add ethernet connectivity to SCADA equipment. There are more brands of that type of connector than major web browser. There are a lot of cruddy Web browsers on phones but I don't think they get used more than a few times and they function so poorly that breaking them worse does not really matter much. The good mobile browsers all come from companies that are actively developing them. Web services are trickier. At one level they are quite easy because people who write mashups are already using pretty unfriendly URLs to identify service endpoints. But I think that has to be a temporary condition. We should be using SRV and other advanced discovery to make these connections. So with this in mind, I think that there is a brief window of opportunity in which we could make this change for Web Services applications. Over the past few weeks I have been discussing my ESRV scheme with principles in the Web Services platform space at major vendors who control and drive the relevant platforms. Since any Web Services support infrastructure would have to be buried deep in the scripting libraries used for making mashups, it would not be difficult to add in an aliasing requirement. But we have to be very quick if that is going to happen. The window is going to close very soon. > 4. How do we ensure skilled apps people manage to work with skilled DNS people so that the end result is optimal? (something IETF is not always very good at...) Skill in HTTP will probably only provide a better understanding of the range of constraints. There is 18 years of legacy here and a lot more complexity than in DNS. -- Website: http://hallambaker.com/
- [dnsext] I-D Action:draft-ietf-dnsext-aliasing-re… Internet-Drafts
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Suzanne Woolf
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Ted Hardie
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Doug Barton
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Doug Barton
- Re: [dnsext] I-DAction:draft-ietf-dnsext-aliasing… George Barwood
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… John Levine
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Patrik Fältström
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Paul Hoffman
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Dan Schlitt
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Paul Vixie
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- [dnsext] How to bring discussion to a close (was:… Andrew Sullivan
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Phillip Hallam-Baker
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Phillip Hallam-Baker
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Masataka Ohta
- [dnsext] errata on RFC1034 for recursive aliasing… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] errata on RFC1034 for recursive alia… Andrew Sullivan
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Andrew Sullivan
- Re: [dnsext] errata on RFC1034 for recursive alia… Paul Vixie
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Brian Dickson
- Re: [dnsext] errata on RFC1034 for recursive alia… John Levine
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- [dnsext] pricing for equivalent localized domain … Masataka Ohta
- Re: [dnsext] pricing for equivalent localized dom… John Levine
- Re: [dnsext] errata on RFC1034 for recursive alia… Brian Dickson
- Re: [dnsext] pricing for equivalent localized dom… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Brian Dickson
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Doug Barton