Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasing-requirements-00.txt
Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 24 February 2011 10:36 UTC
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 151B53A6407 for <dnsext@core3.amsl.com>; Thu, 24 Feb 2011 02:36:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.649
X-Spam-Level:
X-Spam-Status: No, score=-109.649 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, J_CHICKENPOX_37=0.6, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mGn4qd0NnCRd for <dnsext@core3.amsl.com>; Thu, 24 Feb 2011 02:36:35 -0800 (PST)
Received: from mx2.nic.fr (mx2.nic.fr [IPv6:2001:660:3003:2::4:11]) by core3.amsl.com (Postfix) with ESMTP id 2AA653A6A6F for <dnsext@ietf.org>; Thu, 24 Feb 2011 02:36:33 -0800 (PST)
Received: from mx2.nic.fr (localhost [127.0.0.1]) by mx2.nic.fr (Postfix) with SMTP id 8B12A1C0117; Thu, 24 Feb 2011 11:37:22 +0100 (CET)
Received: from relay1.nic.fr (relay1.nic.fr [192.134.4.162]) by mx2.nic.fr (Postfix) with ESMTP id 72F171C0116; Thu, 24 Feb 2011 11:37:22 +0100 (CET)
Received: from bortzmeyer.nic.fr (batilda.nic.fr [192.134.4.69]) by relay1.nic.fr (Postfix) with ESMTP id 67BF35680D3; Thu, 24 Feb 2011 11:37:22 +0100 (CET)
Date: Thu, 24 Feb 2011 11:37:22 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Suzanne Woolf <woolf@isc.org>
Message-ID: <20110224103722.GA28031@nic.fr>
References: <20110223001502.31614.56353.idtracker@localhost> <20110223114720.GA10740@bikeshed.isc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20110223114720.GA10740@bikeshed.isc.org>
X-Operating-System: Debian GNU/Linux 6.0
X-Kernel: Linux 2.6.32-5-686 i686
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: dnsext@ietf.org
Subject: Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasing-requirements-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2011 10:36:39 -0000
On Wed, Feb 23, 2011 at 11:47:20AM +0000, Suzanne Woolf <woolf@isc.org> wrote a message of 69 lines which said: > Per the announcement to the list last night, the -00 of the > "aliases" problem statement has been posted to the i-d repository. Well, thanks to the authors, it is a very necessary document and I appreciate that two courageous persons decided to actually work on it. This being said, I'm not terribly happy with the result. IMHO, such a document should be used to help people understand the issues before claiming "We need variants in the DNS" and I'm afraid it is too complicated at this stage to fill this role. More specifically: The document does not mention clearly that the starting point is a difference of expectations between normal humans and IETF members. Normal humans assume that some names are identical (color.example == colour.example, café.fr == cafe.fr, wells-fargo.com = wellsfargo.com, ibm.example = IBM.Example, etc) and the DNS does not deliver what they want. IETF participants know that my last example works and not the other three but, when you try to explain that to normal humans, they don't understand and they are right. It should be stated from the beginning that we simply cannot provide a DNS behaviour that will be seen by normal users as "natural" and "unsurprising" (because of the complexity of the rules and their language-dependant character). So, we should warn users, not try to create mechanisms that will *always* fall short of their expectations. Second, the document seems to assume that the problem is mostly, if not exclusively, an IDN thing. As the examples above (and the examples of phishing sites) show, this is far from true. In registries which are still discussing IDN registration (like .FR, see <http://www.afnic.fr/actu/nouvelles/271/10-february-2011-idn-workshop-organised-by-afnic>), some people keep telling that IDN are complicated and we should not allow them because of this complication. But the examples above show that IDN are not the only issue. It would be better if the document clearly stated that. (Another french story: in .FR, the law - not the registry policies - says that city names are reserved to the city council, and this is done in a dash-independent way: saint-quentin.fr and saintquentin.fr are therefore part of the same "bundle". Since the law is only for cities, not for corporations, saint-gobain.fr and saintgobain.fr are still distinct. Imagine the user confusion!) The case (pun intended) of case-insensitivity is a complex one. It is obviously impossible to change the rules now but the document says several times that the case-insensitive rule is a good one, which is not obvious. The case-insensitivity rule is not perfect (in French, Poussin is a painter and poussin a bird) and users legitimally ask "why case is not important but a stupid dash is?". The document's only negative remark about case-insensitivity is about its use in compression (section 2.3.1), which seems to me an useless detail (because only implementers see it). I suggest to drop this sentence about compression: the biggest lack of consistency is not in compression, it is in the fact that DNS is fuzzy on some criteria (case) and strict in others (dash, spelling). The document mentions several times (for instance 3.1.1) the perceived need to be able to distinguish if a name is a member of a bundle. This need is not explicitely stated in the Proposed Requirments section (4) and is questionable. What is the rationale for this unstated requirment? After all, unless you use DNSSEC, I do not think there is today a way to tell if a name was generated by a wildcard expansion (if you want to test, tell me if real-name1.office--enregistrement.fr is real or synthetic). The section on Applications (3.3) apparently does not mention the fact that many application protocols (HTTP and SMTP are two obvious examples) need to be configured to recognize the bundle. (Which is a strong argument against a new DNS solution, since it will be useless anyway.) Technical nit: I find no mention of RFC 3403 which seems a (corner) case where even a purely DNS solution would be a problem if a rule uses the original domain name for rewriting. Editorial nit: the reference to the IDNA standard is now RFC 5890.
- [dnsext] I-D Action:draft-ietf-dnsext-aliasing-re… Internet-Drafts
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Suzanne Woolf
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Ted Hardie
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Doug Barton
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Doug Barton
- Re: [dnsext] I-DAction:draft-ietf-dnsext-aliasing… George Barwood
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… John Levine
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Patrik Fältström
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Paul Hoffman
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Dan Schlitt
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Paul Vixie
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- [dnsext] How to bring discussion to a close (was:… Andrew Sullivan
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Phillip Hallam-Baker
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Phillip Hallam-Baker
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Tony Finch
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Alex Bligh
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Masataka Ohta
- [dnsext] errata on RFC1034 for recursive aliasing… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Mark Andrews
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Stephane Bortzmeyer
- Re: [dnsext] errata on RFC1034 for recursive alia… Andrew Sullivan
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Niall O'Reilly
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Andrew Sullivan
- Re: [dnsext] errata on RFC1034 for recursive alia… Paul Vixie
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Brian Dickson
- Re: [dnsext] errata on RFC1034 for recursive alia… John Levine
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- [dnsext] pricing for equivalent localized domain … Masataka Ohta
- Re: [dnsext] pricing for equivalent localized dom… John Levine
- Re: [dnsext] errata on RFC1034 for recursive alia… Brian Dickson
- Re: [dnsext] pricing for equivalent localized dom… Masataka Ohta
- Re: [dnsext] errata on RFC1034 for recursive alia… Masataka Ohta
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Brian Dickson
- Re: [dnsext] I-D Action:draft-ietf-dnsext-aliasin… Doug Barton