Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

Mark Andrews <marka@isc.org> Fri, 08 May 2015 01:31 UTC

To: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
From: Mark Andrews <marka@isc.org>
References: <D5D3A5AC-41B5-4872-B973-2752275D651E@gmail.com> <D170E3E4.1011F2%jason_livingood@cable.comcast.com>
In-reply-to: Your message of "Thu, 07 May 2015 13:56:11 +0000." <D170E3E4.1011F2%jason_livingood@cable.comcast.com>
Date: Fri, 08 May 2015 11:30:41 +1000
Message-Id: <20150508013042.3B9252DEAD71@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/7MLqC518_jCTZ7QuFCEKOStsUPU>
Cc: Suzanne Woolf <suzworldwide@gmail.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

In message <D170E3E4.1011F2%jason_livingood@cable.comcast.com>, "Livingood, Jason" writes:
> On 5/6/15, 2:07 PM, "Suzanne Woolf" <suzworldwide@gmail.com> wrote:
>
>>                2. In the particular cases of home/corp/mail, ICANN has
>> studied the possibilities of name collisions, and decided not to delegate
>> those names at this time. The proposal is that the IETF reserve those
>> names for unspecified special use permanently. It seems that an IETF
>> action on those names is redundant, unless it's in opposition to some
>> action contemplated under ICANN policy (for which there is no apparent
>> mechanism). Is the possibility of the same names considered under
>> multiple policies a problem?

"home", "corp" and perhaps "mail" need special handling if we really
want to not cause problems for those using those TLDs internally.
To do this there needs to be an insecure delegation to break the
DNSSEC chain of trust.  This will allow any server to filter leaked
queries without causing validation failures.  It will also allow
DNSSEC validators to work without special knowledge of these TLDs.

> By `redundant' do you mean the IETF should take no action? That seems to
> leave those names in a no-man's-land that could be problematic in the
> long-term, and the uncertainty could inhibit experimentation/investment
> in the home networking space.
>
> I'd rather see the IETF consider these names which are widely used and
> possibly add them to a new RFC, which then can be entered into and
> referred to from the IANA special-use domain name registry at
> http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml


Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
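
Added example, not part of the message above or of any ISC code: a validator decides whether a delegation is insecure by reading the type bitmap of the parent's already-validated NSEC record at the delegated name (NS set, DS and SOA clear). The sketch below encodes and decodes that bitmap per RFC 4034 section 4.1.2 and shows how an unsigned, locally served answer under "home." would be treated in each case. The function names and the three sample bitmaps are constructed for illustration, and NSEC3 is not modelled.

```python
# RR type codes (IANA DNS parameters) used in the bitmap
NS, SOA, DS, RRSIG, NSEC = 2, 6, 43, 46, 47

def encode_bitmap(types):
    """Encode RR types as an NSEC type bitmap (RFC 4034, section 4.1.2)."""
    windows = {}
    for t in types:
        bm = windows.setdefault(t // 256, bytearray(32))
        bm[(t % 256) // 8] |= 0x80 >> (t % 8)
    out = b""
    for w in sorted(windows):
        bm = bytes(windows[w]).rstrip(b"\x00")
        out += bytes([w, len(bm)]) + bm
    return out

def decode_bitmap(data):
    """Return the set of RR types present in an NSEC type bitmap."""
    types, i = set(), 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated window header")
        window, length = data[i], data[i + 1]
        if not 1 <= length <= 32 or i + 2 + length > len(data):
            raise ValueError("malformed window block")
        for n, octet in enumerate(data[i + 2:i + 2 + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add(window * 256 + n * 8 + bit)
        i += 2 + length
    return types

def delegation_status(bitmap):
    """Classify a TLD from the parent's NSEC at that name (None: name only covered)."""
    if bitmap is None:
        return "nxdomain"
    types = decode_bitmap(bitmap)
    if NS not in types or SOA in types:
        return "not-a-delegation"
    return "secure" if DS in types else "insecure"

def unsigned_local_answer(bitmap):
    """Outcome at a validator for an unsigned, locally served answer under the TLD."""
    return "insecure" if delegation_status(bitmap) == "insecure" else "bogus"

# Constructed bitmaps for the three ways the root could treat "home."
NOT_DELEGATED = None
SIGNED_DELEGATION = encode_bitmap([NS, DS, RRSIG, NSEC])
INSECURE_DELEGATION = encode_bitmap([NS, RRSIG, NSEC])
```

Only the insecure delegation lets the unsigned internal answer through as "insecure"; with no delegation or a signed one, the validator has no proof that unsigned data is legitimate and marks it bogus.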