Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

Edward Lewis <edward.lewis@icann.org> Sat, 09 May 2015 11:08 UTC

From: Edward Lewis <edward.lewis@icann.org>
To: dnsop <dnsop@ietf.org>
Thread-Topic: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material
Thread-Index: AQHQiM2EQzpJgAEHlEW+E40c5ALkTZ1xS89fgAF1mgCAAC4yAIAAPGGAgADqFgA=
Date: Sat, 09 May 2015 11:08:00 +0000
Message-ID: <D173B4FC.B74F%edward.lewis@icann.org>
References: <20150508193400.55273.qmail@ary.lan> <FF464258-0C33-45CC-A684-BAB7BCE8A8FB@gmail.com>
In-Reply-To: <FF464258-0C33-45CC-A684-BAB7BCE8A8FB@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/Cxgc07UXCUGOVtS4rNqxmfoN2I8>
Subject: Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

On 5/9/15, 1:10, "Suzanne Woolf" <suzworldwide@gmail.com> wrote:

>I share David’s reservations about this— how do we objectively and
>reproducibly distinguish “people are using these in private networks”
>from “people are generating arbitrary traffic to the roots for these”?

One good characterization of the technical problem, although I'd modify
the former to "people...networks and leaking the queries to the root".  A
recipient of a DNS query cannot know why it was asked (no context).  So
whether this is a leak or a gaming cannot be determined in-band.

>Is there any concern for the IETF in a policy that says “If you start
>using an arbitrary name that isn’t currently in the root zone, you can
>just get the IETF to protect it for you”?

I find the above statement a little unclear.  Whose policy (as in ICANN
policy/IETF policy/someone else's policy)?

>Furthermore, given that ICANN has already said they won’t delegate these
>names in particular, how is it helpful for the IETF to also add them to
>the Special Use Names registry?

I'll throw out what is in my personal mental model on this topic (as
opposed to something explicitly documented elsewhere):

For the non-DNS software using identifiers.

If a layer in the software stack sees an identifier matching an entry in
the Special Use Names registry, it should avoid trying to resolve the name
using DNS.

This issue is about more than the DNS.  As far as the DNS, I believe it's
really only about how it can be kept from harming other identifier
systems[0] and not meant to be a way to "shape/prune" the DNS name space
tree.

[0] As in "name.onion." isn't a domain name; it's a string that happens to
have dots in it (and at the end of it) and otherwise appears to conform
to the "BNF" in RFC 103-something - but that's just coincidental.
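The check Lewis describes (a layer in the stack recognises a Special-Use Name and refuses to hand it to the DNS) is the part of this thread a practitioner can actually build. The following is an added example written for this page, not code from Lewis, the DNSOP WG or IANA. It hard-codes a constructed subset of the IANA Special-Use Domain Names registry (the RFC 6761 and RFC 6762 entries, plus .onion per RFC 7686, which postdates this message) and assumes a pluggable `dns_lookup` callable standing in for the real stub resolver; `RecordingStub` is a hypothetical test double that records what would have leaked. It matches whole labels from the right, so multi-label entries such as `16.172.in-addr.arpa` and `example.com` are caught, while look-alikes such as `notexample.com` or `onion.ietf.org` are not.

```python
"""Special-use name gate in front of a stub resolver (added example).

Names matching an entry in the Special-Use Domain Names registry are
diverted to their owning protocol (mDNS, Tor, a local stub, ...) and never
sent to the DNS, so they cannot leak to the root servers.
"""
from __future__ import annotations

from typing import Callable, Dict, List, Optional, Set, Tuple


def _rfc6761_private_reverse_zones() -> Set[str]:
    """Reverse zones for RFC 1918 space, reserved by RFC 6761."""
    zones = {"10.in-addr.arpa", "168.192.in-addr.arpa"}
    zones.update(f"{b}.172.in-addr.arpa" for b in range(16, 32))
    return zones


# Constructed subset of the IANA registry, lower-case, no trailing dot.
# A production client should load the live registry instead of this list.
SPECIAL_USE_NAMES = frozenset(
    # RFC 6761
    {"test", "localhost", "invalid", "example",
     "example.com", "example.net", "example.org"}
    | _rfc6761_private_reverse_zones()
    # RFC 6762 (mDNS)
    | {"local", "254.169.in-addr.arpa",
       "8.e.f.ip6.arpa", "9.e.f.ip6.arpa", "a.e.f.ip6.arpa", "b.e.f.ip6.arpa"}
    # RFC 7686 (Tor)
    | {"onion"}
)


def normalize(name: str) -> str:
    """Canonical form for matching: trimmed, lower-cased, no trailing dot."""
    return name.strip().rstrip(".").lower()


def special_use_match(name: str) -> Optional[str]:
    """Return the registry entry that covers `name`, or None.

    Walks whole labels from the right, so "www.example.com" matches
    "example.com" but "notexample.com" matches nothing. The first hit is the
    longest matching suffix because the full name is tried first.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SPECIAL_USE_NAMES:
            return candidate
    return None


def resolve(name: str,
            dns_lookup: Callable[[str], List[str]]) -> Tuple[str, object]:
    """Route a name: ("special-use", entry) or ("dns", answers).

    The special-use branch deliberately does not call dns_lookup; the caller
    is expected to hand the name to the protocol that owns that namespace.
    """
    hit = special_use_match(name)
    if hit is not None:
        return ("special-use", hit)
    return ("dns", dns_lookup(normalize(name)))


class RecordingStub:
    """Hypothetical test double: records every query that reaches 'the DNS'."""

    def __init__(self) -> None:
        self.queries: List[str] = []

    def __call__(self, qname: str) -> List[str]:
        self.queries.append(qname)
        return ["192.0.2.1"]  # TEST-NET-1 address, constructed answer


def demo() -> Dict[str, object]:
    """Run a constructed mix of names through the gate and report leakage."""
    stub = RecordingStub()
    names = ["name.onion.", "Printer.LOCAL", "www.ietf.org",
             "1.0.0.10.in-addr.arpa", "onion.ietf.org", "notexample.com"]
    outcome = {n: resolve(n, stub)[0] for n in names}
    return {"outcome": outcome, "sent_to_dns": list(stub.queries)}


if __name__ == "__main__":
    for name, route in demo()["outcome"].items():
        print(f"{name:28s} -> {route}")
```

The point of injecting `dns_lookup` is that the same gate can be dropped in front of `socket.getaddrinfo`, a DNS-over-TLS client or an application's own resolver; whatever sits behind it never sees `.onion` or `.local` names, which is exactly the in-band signal Lewis notes the root operators cannot otherwise recover.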