Re: [DNSOP] New Version Notification for draft-adpkja-dnsop-special-names-problem-00.txt
"Patrik Fältström " <paf@frobbit.se> Wed, 25 November 2015 05:40 UTC
Return-Path: <paf@frobbit.se>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E7931B29F1 for <dnsop@ietfa.amsl.com>; Tue, 24 Nov 2015 21:40:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.836
X-Spam-Level:
X-Spam-Status: No, score=-1.836 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H-iahy4vsrrf for <dnsop@ietfa.amsl.com>; Tue, 24 Nov 2015 21:40:11 -0800 (PST)
Received: from mail.frobbit.se (mail.frobbit.se [IPv6:2a02:80:3ffe::176]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D183E1B29F3 for <dnsop@ietf.org>; Tue, 24 Nov 2015 21:40:10 -0800 (PST)
Received: from [10.43.7.39] (static-212-247-252-109.cust.tele2.se [212.247.252.109]) by mail.frobbit.se (Postfix) with ESMTPSA id 37301204C7; Wed, 25 Nov 2015 06:40:08 +0100 (CET)
From: Patrik Fältström <paf@frobbit.se>
To: Joe Abley <jabley@hopcount.ca>
Date: Wed, 25 Nov 2015 06:40:05 +0100
Message-ID: <EB6AB6D0-8808-49C2-90DE-F4E6E146BDE8@frobbit.se>
In-Reply-To: <68818B75-F6F6-44A1-BAF5-BB68B7BD86F6@hopcount.ca>
References: <20151019232608.9713.92337.idtracker@ietfa.amsl.com> <68818B75-F6F6-44A1-BAF5-BB68B7BD86F6@hopcount.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_A9D92D2B-7747-40BC-9F60-592972520B49_="; micalg="pgp-sha1"; protocol="application/pgp-signature"
X-Mailer: MailMate (1.9.3r5184)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/AV2r_ZRtAxmtXkNvihqTFsdKJL4>
Cc: dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] New Version Notification for draft-adpkja-dnsop-special-names-problem-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2015 05:40:13 -0000
Hi, I have read this draft and have a number of comments. I can not say these are the only ones, but at least some :-) The dominant protocol for name resolution on the Internet is the Domain Name System (DNS). However, other protocols exist that are fundamentally different from the DNS, but which have syntactically- similar namespaces. I claim that if it is syntactically similar and the names are used interchangeable in protocols (see below) we actually DO talk about use of the same namespace. This is the camel in the tent, and I think we should just admit, or say clearly whether we do talk about, which I think we do, one name space with multiple resolution mechanisms. When an end-user triggers resolution of a name on a system which supports multiple, different protocols for name resolution, it is desirable that the protocol to be used is unambiguous, and that requests intended for one protocol are not inadvertently addressed using another. It is not so much different protocols as different resolution mechanisms. If you say "protocol" here, it might sounds like if with the DNS protocol you can not use multiple different resolution mechanisms (which I think one can -- one of them using the root managed by ICANN). Such usage, which a few commenters have referred to as "protocol switching," is not limited to "protocol switch" in the strict sense of indicating specific protocols on the wire. It could indicate to switch to another name space (eg .onion), use a different protocol (eg tor, or mdns), or indicate to use a local DNS scope by not using the DNS root for name resolution (eg .home in homenet) or something else altogether. It is important (which I think also Stephane indicated) that we talk about different resolution mechanisms for the name itself. We do not talk about how to access the service in question. At the time of writing, three top-level domain names reserved by inclusion in the Registry are used by name resolution protocols other than the DNS: LOCALHOST is used to refer to the host on which the name resolution takes place, without reference to the DNS; LOCAL is used by the Multicast DNS protocol specified in [RFC6762] which is similar in some respects to the DNS, but which uses different well-known port number and is limited to a particular multicast scope; ONION is used to construct names that designate anonymous hidden services reachable via the Tor network using onion routing. I think a better text to describe ONION would be: ONION is used to construct names that designate services reachable via the Tor network using onion routing. What about EXAMPLE? The lack of a more elegant way to specify a name resolution protocol in (for example) a URI amounts to an architectural oversight. Well...in the architecture we have both the URI scheme and if you look further the URN definition to manage all different kind of switches. And we do not have to wake up the old discussion again whether HTTP://EXAMPLE.COM/ in reality should be URI:HTTP://EXAMPLE.COM/ I think the key issue here is that the different "strings" that look like "domain names" (i.e. are within the same name space) are used interchangeable wherever in the URI (or even URN) definition where "domain names" are to be used. If we accept the notion that the most significant label of a domain name is actually a protocol switch, it implies that we are actually building a catalog of all top level domains that explain which are are switches. What about not-yet-allocated strings in this catalog? I think it is important to say that as of today (at least), the default resolution mechanism is to use the DNS, although a non-existing string today imply one apply the search path algorithm to chase down names. In the case of [I- D.ietf-dnsop-onion-tld], leakage of ONION queries on the Internet might lead to disclosure of private information that, in some cases, might pose a risk to the personal safety of end-users. More, less or similar to leakage when people use non-FQDN and their search path create surprises? This document aims to provide a problem statement that will inform future work. Whilst security and privacy are fundamental considerations, this document expects that that future work will include such analysis, and hence no attempt is made to do so here. See among other places SAC-057 <https://www.icann.org/en/system/files/files/sac-057-en.pdf> Patrik
- [DNSOP] Fwd: New Version Notification for draft-a… Joe Abley
- Re: [DNSOP] New Version Notification for draft-ad… Patrik Fältström
- Re: [DNSOP] New Version Notification for draft-ad… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-ad… Joe Abley
- Re: [DNSOP] New Version Notification for draft-ad… Patrik Fältström
- Re: [DNSOP] Fwd: New Version Notification for dra… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-ad… John Levine
- Re: [DNSOP] New Version Notification for draft-ad… Alec Muffett
- Re: [DNSOP] New Version Notification for draft-ad… John R Levine
- Re: [DNSOP] New Version Notification for draft-ad… George Michaelson
- Re: [DNSOP] New Version Notification for draft-ad… Alec Muffett
- Re: [DNSOP] New Version Notification for draft-ad… Edward Lewis
- Re: [DNSOP] New Version Notification for draft-ad… John R Levine
- Re: [DNSOP] Fwd: New Version Notification for dra… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-ad… Stuart Cheshire
- Re: [DNSOP] New Version Notification for draft-ad… Donald Eastlake
- Re: [DNSOP] New Version Notification for draft-ad… David Conrad