Re: [DNSOP] I-D Action: draft-ietf-dnsop-alt-tld-13.txt

Warren Kumari <warren@kumari.net> Thu, 24 June 2021 21:31 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFBC03A2BE2 for <dnsop@ietfa.amsl.com>; Thu, 24 Jun 2021 14:31:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PiF5zVz3R5-A for <dnsop@ietfa.amsl.com>; Thu, 24 Jun 2021 14:31:31 -0700 (PDT)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F1043A2BE3 for <dnsop@ietf.org>; Thu, 24 Jun 2021 14:31:31 -0700 (PDT)
Received: by mail-lj1-x22b.google.com with SMTP id u11so9679584ljh.2 for <dnsop@ietf.org>; Thu, 24 Jun 2021 14:31:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=sBlfcU8V5THEPq+f3BlNKUxDsZC75Tas7ztkkQPLH9s=; b=i64IxHyWmVEhKQgZelAGa6Tb6MGVP2Gm0Oj4RFGFXurTC1WXOthhEWN10nePFyrVBE sPPwhNC0VRgE7N9lj2foIA9QZPSK0x3YC6guFdS2BOqyeM3jwPgNYBgs2BM36oP9wcU6 I5meRk2TjUd1veX0D2Cmc79AYfoTcVgCFXxyPq5lrnMYNxEqSpQLSOcC3RuIqnmgbP5d UEVMQv/VUV6t418IOPckcC/Z5q4fmQhVETOo2GPaxC3dOSqsOH1nZYjesdUh0I3s9NY9 thhSNyio8/6sxeGaGysnrVQN5EXAUdLPTPIqgUWsE3xkOa5tLbV39zyPcZc7eKpHzW0q PSSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=sBlfcU8V5THEPq+f3BlNKUxDsZC75Tas7ztkkQPLH9s=; b=E7sLmoqbcUfTw2pqVSpSkoSfjRpT8APDHm1wuVkWu28n4XOW4Ig49Js88n5LBVxIGB NkHiJjny1tpcId5fZKvcFdBGhv4UOBA4dKV9qn9UaAr272PdY9w3OEntHU4UZBogVZcH UkOh+hQAqymHIbNFJ03ftSseC187c1pFnj9Ht0dcF7RjsVLir2XvU0Kx+Rtldf99XJ6g Tv47MUY5wIEC6nYxiSDPrS9tadFOiB/DZaOfqDRORyI+qgBQ0XXV1hCkkjIrOBVcpxs4 ONbluPnZL13Uxi9bOF3+GS1xdncm141GUDAlZbqXYxpNPvh+vZXdHveQApkL1gkibZMD zLkg==
X-Gm-Message-State: AOAM5333ZQGtIZzFTGweJfBf0GZRomPbofxxea/58cUVdvsOJMUaRiRE C9lB1FjI7aXVUPWy99bQbZo6BImvxVu4VG9Cs4ry0w==
X-Google-Smtp-Source: ABdhPJzKWTe90IWXEm13aAfxF1F+VRDZ6RBdjnDjf9SRZyQEbYogdi3JeL2PM9Eah1NlRxXQmyCuVZI2D0ZxcS2GyTo=
X-Received: by 2002:a2e:8497:: with SMTP id b23mr5452194ljh.126.1624570287428; Thu, 24 Jun 2021 14:31:27 -0700 (PDT)
MIME-Version: 1.0
References: <CAHbrMsDX63-GxozXUVFa-8VMFJreXeXZUMkZUZRY0=Psc0gDbA@mail.gmail.com> <20210624183744.491F8171A2CB@ary.qy>
In-Reply-To: <20210624183744.491F8171A2CB@ary.qy>
From: Warren Kumari <warren@kumari.net>
Date: Thu, 24 Jun 2021 17:30:51 -0400
Message-ID: <CAHw9_iJ1H_M-DA5YqDaRrh2jMNw8sO0Rn=tD6+HtV68cPReaCw@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: dnsop <dnsop@ietf.org>, Ben Schwartz <bemasc@google.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BNHXOZNWoS_dDnjGfGg_VLqxxTY>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-alt-tld-13.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jun 2021 21:31:37 -0000

On Thu, Jun 24, 2021 at 2:38 PM John Levine <johnl@taugh.com> wrote:
>
> It appears that Ben Schwartz  <bemasc@google.com> said:
> >I think the "Privacy Considerations" section should probably mention QNAME
> >minimization, which ought to help a little.
>
> I'd also like it to say more clearly up front that .ALT is for names that are
> totally outside the DNS protocols, not for names handled locally using DNS protocols.
> It's for things like .onion, not like .local.


Yup, what John said.

The important part is: "This document reserves a string (ALT) to be
used as a TLD label **in non-DNS contexts.**" (emphasis added).

There are a bunch of different name resolution mechanisms - DNS is the
most common, but there are also an increasing number of things like
.onion, various blockchain-based systems (some of which have some cool
privacy features), etc.
For obvious reasons "alternate"[0] resolution systems use the same
format/style of names as the DNS (LDH, case insensitivity, etc) -
people want to be able to enter the identifiers into "normal"
applications and have them just work (e.g things like "foo:bar:baz"
don't work - ssh[1] for example won't pass this to a resolution call).
There are similar issues with defining new schemas, etc; there is a
reason that it's e.g http://www.facebookcorewwwi.onion/ and not
http://www.facebookcorewwwi.¯\_(ツ)_/¯/ or
hQQp://www.facebookcorewwwi.onion/.

Unfortunately, having multiple resolution systems using the same
namespace and syntax does not provide a signal to denote which
resolution mechanism should be used - clearly .com is "in the DNS" and
.onion isn't -- but this doesn't scale, and simply saying "the DNS is
the only resolution system" doesn't either....

I'm guessing that everyone knows all this, but we had lots of *long*
discussions around the various options in ~2014 - 2017, and I figured
that much of the state might have been paged out...
Some other background:
https://www.iab.org/activities/workshops/explicit-internet-naming-systems-ename/
https://www.ietf.org/blog/ename-workshop/


>
>
> >I would also be interested in seeing some guidance about interaction
> >between the relative form (.alt) and good old-fashioned search domains.  It
> >seems to me that the interaction there is poor... perhaps bad enough to
> >recommend using the absolute form only.
>
> I thought we all agreed that search lists are bad when .CS was added to the root.


Yup. There should indeed be some more text around search-lists and
search-list processing; much of the purpose of this is to be able to
differentiate the namespaces, and search-lists are a place where they
may bump into each other again.
John's right again -- we *did* all agree that search lists are bad
when .CS was added... and also in RFC 1123 (specifically, section
6.1.4.3 (2)), RFC 1535, and RFC 1536.
Andrew McConachie and I even started writing "DNS Search Lists
Considered Dangerous", before deciding that this was probably tilting
at windmills...


W
[0]: This isn't intended to be pejorative, I'm just trying to separate
these from what we normally assume in this community when we talk
about a name resolution system
[1]: OpenSSH_8.6p1, OpenSSL 1.1.1k  25 Mar 2021


>
>
> R's,
> John
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop



-- 
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra