Re: [dnsext] ICANN's "synchronized domains" and the DNSEXT alias maybe-work
Brian Dickson <brian.peter.dickson@gmail.com> Sat, 10 April 2010 16:12 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D50233A6923; Sat, 10 Apr 2010 09:12:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.712
X-Spam-Level:
X-Spam-Status: No, score=0.712 tagged_above=-999 required=5 tests=[AWL=-1.207, BAYES_40=-0.185, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a5gr7TKE+ONw; Sat, 10 Apr 2010 09:12:20 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 044173A67DA; Sat, 10 Apr 2010 09:12:19 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.71 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1O0dAI-000Lmi-7A for namedroppers-data0@psg.com; Sat, 10 Apr 2010 16:04:10 +0000
Received: from [74.125.83.52] (helo=mail-gw0-f52.google.com) by psg.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <brian.peter.dickson@gmail.com>) id 1O0dAA-000Lix-2h for namedroppers@ops.ietf.org; Sat, 10 Apr 2010 16:04:02 +0000
Received: by gwj23 with SMTP id 23so2049170gwj.11 for <namedroppers@ops.ietf.org>; Sat, 10 Apr 2010 09:04:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:cc:content-type; bh=eJG5pJ8EskqJGkhLABRP6wy6z+ByatKcOgPdEcYC0F0=; b=cnO5kTRp4AdFJag2Q8Gt9bN/ZOMwt2cDYPqoBya/cRY0CrRZg4g71nlCzwQ6wsGyjg AJtiEbp0Ez43Wp9E/JZJLAL0fgE02jSLA/rhUBIwSX1dCF9vJvoQi4XvHLkyBlF4OUbu dxk1fWKbvc+8uqJ8tvrmQNl2DHqbRa0o1naX4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=fCRGztxHWnfx7uM4IZaAro2v/BO3wuunpD43Uu4Gu1cVgZa8juShTCq4LeayRch0Cp Pkb/Xke2orRw7s70JOZF9wkoiQCAXWfe9asm75ljbfVZOoJcf4IywCPKkVQaCVWU8auy 1Y2X/zgc5f+RKtQk1YmYVsHX+uSBf5qXz1aaM=
MIME-Version: 1.0
Received: by 10.100.91.5 with HTTP; Sat, 10 Apr 2010 09:04:00 -0700 (PDT)
In-Reply-To: <4BC062CA.8030203@abenaki.wabanaki.net>
References: <20100409145117.GH3595@shinkuro.com> <5B0CB63F-B238-44A8-89A6-09D508FE0FF9@icann.org> <20100409154138.GK3595@shinkuro.com> <1C64D935-BFA7-4C33-95AC-D7F514D093A0@icann.org> <20100409180535.GQ3595@shinkuro.com> <E304875B-8BB9-4DD6-A8B6-B79A8AFF2AC4@virtualized.org> <20100409190101.GY3595@shinkuro.com> <g2o3e1abd2c1004091936i45200fdl1d09e7ac4a29a4e7@mail.gmail.com> <4BC062CA.8030203@abenaki.wabanaki.net>
Date: Sat, 10 Apr 2010 13:04:00 -0300
Received: by 10.101.29.22 with SMTP id g22mr2555417anj.56.1270915440819; Sat, 10 Apr 2010 09:04:00 -0700 (PDT)
Message-ID: <p2r3e1abd2c1004100904jf5f4af98tc9cac4f7df524ebe@mail.gmail.com>
Subject: Re: [dnsext] ICANN's "synchronized domains" and the DNSEXT alias maybe-work
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Eric Brunner-Williams <ebw@abenaki.wabanaki.net>
Cc: Andrew Sullivan <ajs@shinkuro.com>, namedroppers@ops.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
I think we are (all) in agreement, to some degree. Here's what I'm trying to say, obviously not clearly enough to date: There are currently mechanisms with limited ability to "deliver" multiple names for the same data: CNAME and DNAME. Those are limited mechanisms, which do not handle all cases. And also, quite importantly, they do not in and of themselves support DNSSEC validation without additional work by the Signer. There are also brute-force means by which multiple names can be enumerated, which does not use any DNS protocol elements. Brute force, however, puts the burden on maintaining parallel zones on the registrant. The problem is scaling. What we don't yet have, in terms of problem statement, is an answer to what the scaling requirements are. If the answer is "two", then likely no protocol work is needed. Two scales nicely. I do not believe "two" is the answer, however. If, on the other hand, the answer is P (as in P vs NP), polynomial scaling, then I think we need to contemplate providing solutions in the WG. An example of polynomial is the expansion of regular expressions of the form: {$A|$B|$C|...} where $A == $x.{$a|$b|$c}.{$d|$e} $B == {$f|$g}.{$h|$i}.{$j|$k} $C == $y.{$l|$m}.$z and so on. We haven't *yet* been given that as a requirement, at least from ICANN or other groups. However, if the real world users, i.e. registrants and end-users, expect to be able to refer to things by such multitudes of names, and get "the same" answers, then scalability issues suggest having the technological means of keeping the zones completely identical is a firm requirement. And I believe that means DNS protocol work, either directly to do this, or indirectly to support non-DNS implementations, e.g. literally by means of indirection. I also believe that *use* of DNS protocol technology envisioned needs to be optional, and that the brute force and existing CNAME/DNAME solutions all need to be allowed and supported. One size does not fit all. And the sizes currently available do not include XXL, which is the real problem. Brian On Sat, Apr 10, 2010 at 8:36 AM, Eric Brunner-Williams <ebw@abenaki.wabanaki.net> wrote: > On 4/9/10 10:36 PM, Brian Dickson wrote: >> ... >> ICANN are concerned with the root and TLDs, but there ends their mandate. > > Please see rfc1591. In particular Section 3, parts 2 and 3. > >> ... >> The TLDs need to provision and serve whatever is mandated by ICANN. > > ICANN is a California domiciled 501(c)(3) corporation which enters > into contracts with what it calls "registry operators" (aka > "contracted parties"). Contracts do not contain "mandates", unlike > regulations. ICANN is not a regulatory body, authorized by some > specific enabling legislation. > > In broad terms, ICANN has contractual relationships with some (about > 20) "registry operators" (far fewer actually independent "registry > backend service providers", seven I think, pre-coffee), and memorada > with some other "registry operators". > >> ... >> And the registrants, particularly in the IDN space, need something of >> real value, >> especially beyond just the TLDs, to make it worth doing IDNs in the first place. > > The overwhelming bulk of that particular work has already been done, > first in the IDNA WG, completed seven years ago, and more recently in > the IDNAbis WG, recently completed. > > The problem statement here is either an administrative convenience > statement for arbitrary similarity, or the edge cases arising from a > very limited number of equivalent (in some sense) code points in the > third-party repertoire, or the specific case of intelligibility and > therefore equivalence (in some sense) of arbitrary substitution of > code points in two sub-repertoires, commonly denoted "Simplified" and > "Traditional" Chinese (aka "SC/TC equivalence"). > > The utility of non-LDH labels, even if bootstring encoded from an LDH > alphabet, and available only through presentation, does not depend on > any work this group can conceivably take. > > Eric >
- Re: [dnsext] ICANN's "synchronized domains" and t… Kim Davies
- Re: [dnsext] ICANN's "synchronized domains" and t… Kim Davies
- [dnsext] ICANN's "synchronized domains" and the D… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Kim Davies
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Paul Vixie
- Re: [dnsext] ICANN's "synchronized domains" and t… Paul Hoffman
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… John Levine
- Re: [dnsext] ICANN's "synchronized domains" and t… David Conrad
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Jim Reid
- Re: [dnsext] ICANN's "synchronized domains" and t… Doug Barton
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… David Conrad
- Re: [dnsext] ICANN's "synchronized domains" and t… Eric Brunner-Williams
- Re: [dnsext] ICANN's "synchronized domains" and t… Eric Brunner-Williams
- Re: [dnsext] ICANN's "synchronized domains" and t… John Levine
- Re: [dnsext] ICANN's "synchronized domains" and t… David Conrad
- Re: [dnsext] ICANN's "synchronized domains" and t… Douglas Otis
- Re: [dnsext] ICANN's "synchronized domains" and t… Brian Dickson
- Re: [dnsext] ICANN's "synchronized domains" and t… Eric Brunner-Williams
- Re: [dnsext] ICANN's "synchronized domains" and t… Brian Dickson
- Re: [dnsext] ICANN's "synchronized domains" and t… Eric Brunner-Williams
- Re: [dnsext] ICANN's "synchronized domains" and t… Paul Vixie
- Re: [dnsext] ICANN's "synchronized domains" and t… Eric Brunner-Williams
- Re: [dnsext] ICANN's "synchronized domains" and t… Doug Barton
- Re: [dnsext] ICANN's "synchronized domains" and t… George Barwood
- Re: [dnsext] ICANN's "synchronized domains" and t… Niall O'Reilly
- Re: [dnsext] ICANN's "synchronized domains" and t… Suzanne Woolf
- Re: [dnsext] ICANN's "synchronized domains" and t… Patrik Fältström
- Re: [dnsext] ICANN's "synchronized domains" and t… Brian Dickson
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Dmitry Burkov
- Re: [dnsext] ICANN's "synchronized domains" and t… Paul Vixie
- Re: [dnsext] ICANN's "synchronized domains" and t… Paul Vixie
- Re: [dnsext] ICANN's "synchronized domains" and t… Paul Vixie
- Re: [dnsext] ICANN's "synchronized domains" and t… Mark Andrews
- Re: [dnsext] ICANN's "synchronized domains" and t… Tina Dam
- Re: [dnsext] ICANN's "synchronized domains" and t… John Levine
- Re: [dnsext] ICANN's "synchronized domains" and t… George Barwood
- Re: [dnsext] ICANN's "synchronized domains" and t… Andreas Gustafsson
- Re: [dnsext] ICANN's "synchronized domains" and t… Mark Andrews
- Re: [dnsext] ICANN's "synchronized domains" and t… Florian Weimer
- Re: [dnsext] ICANN's "synchronized domains" and t… Brian Dickson
- Re: [dnsext] ICANN's "synchronized domains" and t… Mark Andrews
- Re: [dnsext] ICANN's "synchronized domains" and t… Patrik Fältström
- Re: [dnsext] ICANN's "synchronized domains" and t… Eric Brunner-Williams
- Fwd: [dnsext] ICANN's "synchronized domains" and … Joe Abley
- Re: [dnsext] ICANN's "synchronized domains" and t… Paul Vixie
- RE: [dnsext] ICANN's "synchronized domains" and t… Vaggelis Segredakis
- Re: [dnsext] ICANN's "synchronized domains" and t… YAO Jiankang
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- [dnsext] Aliasing and MX Niall O'Reilly
- [dnsext] Re: Aliasing and MX Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Douglas Otis
- Re: [dnsext] Re: Aliasing and MX Douglas Otis
- [dnsext] Use the layers, Luke! Niall O'Reilly
- Re: [dnsext] Re: Aliasing and MX Matthew Dempsky
- [dnsext] Fully generalizable? Niall O'Reilly
- Re: [dnsext] Re: Aliasing and MX Niall O'Reilly
- Re: [dnsext] Re: Aliasing and MX Jim Reid
- Re: [dnsext] ICANN's "synchronized domains" and t… Niall O'Reilly
- Re: [dnsext] Re: Aliasing and MX Andrew Sullivan
- Re: [dnsext] Re: Aliasing and MX Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Niall O'Reilly
- [dnsext] Re: Use the layers, Luke! Andrew Sullivan
- Re: [dnsext] Re: Aliasing and MX Mark Andrews
- Re: [dnsext] Re: Use the layers, Luke! Niall O'Reilly
- Re: [dnsext] Re: Aliasing and MX Niall O'Reilly
- Re: [dnsext] ICANN's "synchronized domains" and t… Mark Andrews
- Re: [dnsext] ICANN's "synchronized domains" and t… Douglas Otis
- Re: [dnsext] ICANN's "synchronized domains" and t… Mark Andrews
- Re: [dnsext] ICANN's "synchronized domains" and t… Douglas Otis
- Re: [dnsext] ICANN's "synchronized domains" and t… Mark Andrews
- Re: [dnsext] ICANN's "synchronized domains" and t… YAO Jiankang
- Re: [dnsext] ICANN's "synchronized domains" and t… YAO Jiankang
- Re: [dnsext] ICANN's "synchronized domains" and t… Tony Finch
- RE: [dnsext] ICANN's "synchronized domains" and t… Vaggelis Segredakis
- RE: [dnsext] ICANN's "synchronized domains" and t… Tony Finch
- Re: [dnsext] Re: Use the layers, Luke! Andrew Sullivan
- Re: [dnsext] Re: Use the layers, Luke! Niall O'Reilly
- Re: [dnsext] Re: Use the layers, Luke! Andrew Sullivan
- BNAME, Synthesized CNAME, and DNSSEC (was: [dnsex… Andrew Sullivan
- Re: [dnsext] Re: Use the layers, Luke! Niall O'Reilly
- Re: [dnsext] ICANN's "synchronized domains" and t… Douglas Otis
- Re: [dnsext] ICANN's "synchronized domains" and t… Mark Andrews
- Re: [dnsext] ICANN's "synchronized domains" and t… YAO Jiankang
- Re: [dnsext] Re: Aliasing and MX YAO Jiankang
- Re: BNAME, Synthesized CNAME, and DNSSEC (was: [d… YAO Jiankang
- Re: BNAME, Synthesized CNAME, and DNSSEC (was: [d… Mark Andrews
- Re: [dnsext] Re: Use the layers, Luke! Niall O'Reilly
- Re: [dnsext] ICANN's "synchronized domains" and t… Yao Jiankang
- Re: [dnsext] Re: Use the layers, Luke! Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: BNAME, Synthesized CNAME, and DNSSEC (was: [d… Andrew Sullivan
- Re: BNAME, Synthesized CNAME, and DNSSEC (was: [d… Mark Andrews
- Re: [dnsext] Re: Use the layers, Luke! Eric Brunner-Williams
- Re: [dnsext] Re: Use the layers, Luke! Andrew Sullivan
- Re: [dnsext] Re: Use the layers, Luke! Eric Brunner-Williams
- Re: [dnsext] Re: Use the layers, Luke! Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… Niall O'Reilly
- Re: [dnsext] ICANN's "synchronized domains" and t… Douglas Otis
- Re: [dnsext] Re: Use the layers, Luke! Ted Hardie
- [dnsext] Side effect of DNS control plane changes… Olafur Gudmundsson
- [dnsext] Re: Side effect of DNS control plane cha… Andrew Sullivan
- Re: [dnsext] Re: Use the layers, Luke! Eric Brunner-Williams
- Re: [dnsext] Side effect of DNS control plane cha… Matthew Dempsky
- Re: [dnsext] ICANN's "synchronized domains" and t… YAO Jiankang
- Re: [dnsext] ICANN's "synchronized domains" and t… YAO Jiankang
- Re: [dnsext] ICANN's "synchronized domains" and t… Niall O'Reilly
- Re: [dnsext] ICANN's "synchronized domains" and t… Ray Bellis
- Re: [dnsext] ICANN's "synchronized domains" and t… Andrew Sullivan
- Re: [dnsext] ICANN's "synchronized domains" and t… YAO Jiankang
- Re: [dnsext] Side effect of DNS control plane cha… Olafur Gudmundsson
- Re: [dnsext] Side effect of DNS control plane cha… Matthew Dempsky
- Re: [dnsext] Side effect of DNS control plane cha… Mark Andrews
- Re: [dnsext] Side effect of DNS control plane cha… Mark Andrews