Re: [DNSOP] new version submitted for draft-arends-private-use-tld

Roy Arends <roy.arends@icann.org> Tue, 26 May 2020 16:00 UTC

From: Roy Arends <roy.arends@icann.org>
To: Petr Špaček <petr.spacek@nic.cz>
CC: "dnsop@ietf.org" <dnsop@ietf.org>
Date: Tue, 26 May 2020 16:00:21 +0000
Message-ID: <F2437D8B-E5A2-4406-A004-2B6AC588A99C@icann.org>
References: <91A33B60-7B70-4231-8ED8-662CFBB70445@icann.org> <2ed8bf72-565a-3e2c-0758-87f4a7935b88@nic.cz>
In-Reply-To: <2ed8bf72-565a-3e2c-0758-87f4a7935b88@nic.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DJh_eknrxuK-YmH4YesIE7QesR8>

> On 26 May 2020, at 16:06, Petr Špaček <petr.spacek@nic.cz> wrote:
> 
> On 02. 05. 20 16:09, Roy Arends wrote:
>> Hi,
>> 
>> Ed and I just submitted a new version of our private-use TLD draft. 
>> 
>> https://www.ietf.org/id/draft-arends-private-use-tld-01.txt
>> 
>> This draft has substantially more information than the first draft. It explains that a private-use namespace does not exist, why it is needed, and how a namespace aligned with the user-assigned alpha-2 code elements in the ISO 3166-1 standard can be used as a private-use namespace.
> 
> I think this is a clever hack and should be documented, thank you!

Any time, thanks!

> Personally I'm a bit torn because I've spent my whole professional career explaining to people how bad an idea it is to use non-delegated/non-unique names, so I would really like to stop people from overusing this...
> 
> Would you be willing to add at least one paragraph with caution? Something along the lines of "private TLDs should be used as an _option of last resort_", or more verbose: "these special TLDs should be used only when other options, e.g. a private subtree under a properly delegated name, were considered and refused."

I’m not sure about ranking different methods of deployment as each has its own little idiosyncrasies that may be useful to the deployment scenario.

How about I add a section that details the additional complexities and adds caution in using this specific method, such as “Using a private use top level domain is not ‘more secure’ or ‘more private’ than using a public domain; it requires additional complexity in resolving and signing, etc, etc”

Does that work for you?

Thanks,

Roy

> 
> Thank you.
> 
> -- 
> Petr Špaček  @  CZ.NIC
> 
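As an added example, not part of this thread or of the draft: a check that classifies a query's TLD against the ISO 3166-1 user-assigned alpha-2 ranges (AA, QM to QZ, XA to XZ, ZZ) and scans a query log for names under such TLDs, which is one way to notice private-use names leaking to a resolver that should never see them. The log lines are constructed in BIND-style query-log format.

```python
import re

# ISO 3166-1 alpha-2 user-assigned code elements: AA, QM..QZ, XA..XZ, ZZ.
# These are the two-letter codes that will never be assigned to a country.
def is_user_assigned_alpha2(label: str) -> bool:
    s = label.upper()
    if len(s) != 2 or not s.isalpha():
        return False
    if s in ("AA", "ZZ"):
        return True
    return (s[0] == "Q" and "M" <= s[1] <= "Z") or s[0] == "X"

def tld_of(qname: str) -> str:
    """Rightmost label of a (possibly absolute) domain name, '' for the root."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return labels[-1] if labels else ""

# Constructed sample query-log lines (hypothetical clients and names).
SAMPLE_LOG = """\
26-May-2020 16:00:21.001 client 10.0.0.5#53211: query: printer.corp.zz IN A +
26-May-2020 16:00:21.002 client 10.0.0.5#53212: query: www.example.com IN AAAA +
26-May-2020 16:00:21.003 client 10.0.0.9#41000: query: db1.lab.xq IN A +
26-May-2020 16:00:21.004 client 10.0.0.9#41001: query: host.internal.qm IN A +
26-May-2020 16:00:21.005 client 10.0.0.7#42000: query: mail.example.cz IN MX +
"""

QUERY_RE = re.compile(r"client (\S+): query: (\S+) IN (\S+)")

def find_private_use_queries(log_text: str):
    """Return (client, qname) pairs whose TLD is a user-assigned alpha-2 code.
    Seen at a public-facing resolver, these indicate private names leaking out,
    since no such TLD is delegated in the public DNS."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_user_assigned_alpha2(tld_of(m.group(2))):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for client, qname in find_private_use_queries(SAMPLE_LOG):
        print(f"private-use TLD query from {client}: {qname}")
```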