IETF Logo Mail Archive

Re: [dnsext] the same in old days, was making names the same NEED protocol changes?

Ted Hardie <ted.ietf@gmail.com> Mon, 28 February 2011 17:37 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 88F273A6A1D for <dnsext@core3.amsl.com>; Mon, 28 Feb 2011 09:37:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.637
X-Spam-Level:
X-Spam-Status: No, score=-3.637 tagged_above=-999 required=5 tests=[AWL=-0.038, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uQ8HeV+4iElx for <dnsext@core3.amsl.com>; Mon, 28 Feb 2011 09:37:56 -0800 (PST)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by core3.amsl.com (Postfix) with ESMTP id 7DF623A6C3B for <dnsext@ietf.org>; Mon, 28 Feb 2011 09:37:56 -0800 (PST)
Received: by qwh6 with SMTP id 6so3369789qwh.31 for <dnsext@ietf.org>; Mon, 28 Feb 2011 09:38:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=I8q7wBluY+ygZG1aHafEvBgvLwa6Dip+k2FgukyU4oM=; b=C5ms3IspqLJMgsmaf8OfRzle98r5Y2hzlBiaRtORRZrs6PziM9WA0RhQnSwmM30oaz nT/mKAX3+w2B5S0oHaW/EthhlDWZ/ihcs6Iv8O0LmsgAqXFHhQ/2DlW7SkdBQPTrACno zqciqCbB24Q2xJw2Gu3jMYj8sx3IMzGpg0rw8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=SjcReROsGWIsr+x+A4RhbFnFinDwwFKr2qCyQBJ6mb3Cm49HnfduQPd5MCm0vaL0Ka qnEgvEnfQqTNFSfBfeeRqd0/3LvaStm4aEPbd4AVD4bqitGJVzRZvBIFg7js3zqqKzN/ kMhNh3swBaIv9NRBH42xvAoJyYvvdprsLI5/c=
MIME-Version: 1.0
Received: by 10.229.189.20 with SMTP id dc20mr4447708qcb.231.1298914736991; Mon, 28 Feb 2011 09:38:56 -0800 (PST)
Received: by 10.229.98.210 with HTTP; Mon, 28 Feb 2011 09:38:56 -0800 (PST)
In-Reply-To: <AANLkTi=DLzBEQFLqAmPccbdt63LDSp1cRzShnYkuiDQB@mail.gmail.com>
References: <20110227182720.6537.qmail@joyce.lan> <552AB7D12FAB50296E795CF5@Ximines.local> <alpine.BSF.2.00.1102271336340.6604@joyce.lan> <AF3A2DE418832E7A91CD07A5@Ximines.local> <alpine.BSF.2.00.1102271457570.7355@joyce.lan> <AANLkTi=DLzBEQFLqAmPccbdt63LDSp1cRzShnYkuiDQB@mail.gmail.com>
Date: Mon, 28 Feb 2011 09:38:56 -0800
Message-ID: <AANLkTikJvkK27huT0FSQ=1DF2HS1hwUS3TL1u988h8gN@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "John R. Levine" <johnl@iecc.com>, dnsext@ietf.org
Subject: Re: [dnsext] the same in old days, was making names the same NEED protocol changes?
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2011 17:37:57 -0000

On Mon, Feb 28, 2011 at 7:07 AM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
<snip>

> So attempting to make two names resolve alike without change at either
> the application client or the application server is a fools errand.

I'm not sure how you see this split based on the text above.  My
personal take is that if you want two names be "treated the same" by
an application, you can do one of three things:

1) Make one name refer to the other, transforming the problem of
"treating the same" into "pointing to the canonical name".

2) Provide for all the names equally, so that the same resources are
available at each name (this means not just things like
name-to-address mappings but also certificates with the names used on
them etc.).  This is expensive and difficult, but there may be some
methods to reduce the pain (subjectAltName, provisioning-based
mirroring of resources, new protocol methods).  I think a lot of the
discussion so far has been of the "are there useful DNS mechanisms
that could reduce this pain"?

3) Create a method that allows applications to know which names should
be treated as equivalent.  The difficulty here is primarily that any
names which are not within the same administrative boundary cannot be
treated as equivalent without the records related to both/N
administrative boundaries confirming the equivalence. So the
application would have to understand how to determine the
administrative boundaries, check for the confirmation of equivalence,
and then correctly apply whatever behaviors result from the two names
being the same.  This is far from trivial, as the
applications/protocols may have no defined behavior for "treat these
as the same".  Knowing they are to be treated as equivalent doesn't
help a lot for applications with no sense of what behavior should
result.


> is not going to work because that is simply not how the applications
> see the world.
>
><snip>
>
> If we decide we can change the application client, this whole problem
> becomes pretty straightforward. Either adopt the 'did you mean'
> pointer style approach or allow domains to nominate mappings of one
> charset to another.
>
Please do not use "mappings of one charset to another" to represent
this problem.   At this point, we are all mostly talking about the
Unicode character set and how to map labels derived from sequences of
Unicode characters.

regards,

Ted Hardie

v2.23.0 | Report a Bug | By Email