Re: [DNSOP] additional special names Fwd: I-D Action: draft-chapin-additional-reserved-tlds-00.txt
Warren Kumari <warren@kumari.net> Sun, 02 March 2014 22:20 UTC
From: Warren Kumari <warren@kumari.net>
To: Joe Abley <jabley@hopcount.ca>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/DVttc-CMqjfIk9_ov-YcitJYM4I
Cc: Stuart Cheshire <cheshire@apple.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, David Conrad <drc@virtualized.org>
On Wed, Feb 26, 2014 at 2:34 PM, Joe Abley <jabley@hopcount.ca> wrote:
>
> On 26 Feb 2014, at 5:03, Mark Andrews <marka@isc.org> wrote:
>
>> In message <D0AC0015-63C3-4C03-A8D0-888C435D2775@virtualized.org>, David Conrad
>> writes:
>>
>>> On Feb 25, 2014, at 9:51 AM, Stuart Cheshire <cheshire@apple.com> wrote:
>>>> If we have *some* pseudo-TLDs reserved for local-use names,
>>>
>>> I would think
>>> http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#User-assigned_code_elements
>>> would be appropriate for this purpose.
>>>
>>> Regards,
>>> -drc
>>
>> Whatever is used needs to be insecurely delegated so that in app
>> validation will work.
>
> I still don't see why we need a TLD, or a delegation/reservation under ARPA.
>
> There are many, many TLDs under which an application/protocol implementer can reserve some namespace for their exclusive use at low cost ($10/year, say). Why is this approach not preferred for a new application/protocol? It seems far simpler.

Yes, and it is -- but it means that leakages hit more folk.

>
> Perhaps all that is missing is some guidance that says "you shouldn't hijack namespaces that you don't control, even for non-DNS applications; register a domain instead".

Because for some things, people specifically do *not* want it to hit / go through the DNS -- this is why they have done this, and *not* just registered e.g. onion.com...

For example, I'm a *huge* Justin Bieber fan. I, and a bunch of my fellow closet Bieberites hang out on the-bieb-is-cool.onion. (you don't really think we want everyone to know that we obsess over every little antic, do you?)

Last week I emailed my friend a link to http://www.the-bieb-is-cool.onion/Justins_New_Shoes.html. Unfortunately, he was just *so* excited to see that the Bieb has new sneakers that he clicked on the link from his phone (which doesn't have the ToR interceptor software installed).

This, of course, means that the "DNS like" name, which should not really be used in a DNS context suddenly hit the DNS. Only his recursive and the root saw this, and that's embarrassing enough, thank you. This is bad enough, but if people built stuff like this under .onion.eff.org (or foo.onion.arpa), there would now be many more people in the list who knew our shameful little secret.

Obviously this is a somewhat contrived example (after all, who wouldn't want to make it widely known that they *love* Justin Bieber!), but let's instead pretend I'm using an overlay network as a political dissident, or to discuss my sexual orientation, or...

This is some of the justification behind the .ALT TLD proposal (http://tools.ietf.org/html/draft-wkumari-dnsop-alt-tld-00) -- create a special label to be used to denote that this is not actually a name in the DNS context. By reserving it as a special use name:

A: It creates a "safe" namespace, secure from collision for people to root namespaces that have no meaning in a DNS context.

B: when one of these names *does* leak (as they will), iterative resolvers will be authoritative, with an empty zone, so the-bieb-is-cool.onion.alt only gets seen by the iterative and goes no further.

C: When one does go further (as they will), the root can delegate to AS112, which can squash it.

D: 4 years from now, when someone comes along and says "I created a shiny new directory system. I used something that looks like DNS names, and I placed it under .pony. Please reserve that for me" the IESG can at least say "But we told you not to do that..." They can also a: reserve it, b: not, or c: we can have another thread about this all again, but now at least we can nod knowingly and feel all superior...

W

P.S: Note: I did *not* say what should happen with the current pseudo-TLDs / colliding names. They can move under .ALT or they can not. The IESG can reserve them, or not, or bury them in peat, or paint them purple and dress them in wellies. I have views on what I think makes sense, but that's a separate mail.....

>
> Joe
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dn
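
An added illustration of the leakage argument in the message above (not part of the original e-mail or of the .ALT draft): a small Python model of which parties see the full name when a non-DNS name leaks into the DNS. The zone set and function names are constructed for this example, and the model assumes a cold-cache resolver that sends the full query name to every server it walks through (no QNAME minimisation).

```python
# Constructed for illustration: zones assumed to exist as delegations in the
# public DNS tree. "onion" and "alt" are deliberately absent.
DELEGATED = {"org", "eff.org", "arpa"}


def labels(qname):
    """Split a query name into lower-cased labels, ignoring a trailing dot."""
    return qname.rstrip(".").lower().split(".")


def observers(qname, locally_served=frozenset()):
    """Return the parties that see the full query name when it leaks.

    locally_served is the set of zones the recursive resolver answers
    authoritatively itself (for example an empty "alt" zone).
    """
    parts = labels(qname)
    seen = ["recursive"]

    # If the resolver is authoritative for any enclosing zone, it answers
    # from its own (empty) zone and the name goes no further.
    for i in range(len(parts)):
        if ".".join(parts[i:]) in locally_served:
            return seen

    # Otherwise the query starts at the root ...
    seen.append("root")

    # ... and follows each existing delegation downward, exposing the full
    # name to every zone's servers until a label does not exist.
    for i in range(len(parts) - 1, -1, -1):
        zone = ".".join(parts[i:])
        if zone not in DELEGATED:
            break
        seen.append(zone + " servers")
    return seen


if __name__ == "__main__":
    cases = [
        ("www.the-bieb-is-cool.onion", frozenset()),
        ("the-bieb-is-cool.onion.eff.org", frozenset()),
        ("foo.onion.arpa", frozenset()),
        ("the-bieb-is-cool.onion.alt", frozenset({"alt"})),
    ]
    for name, local in cases:
        print(f"{name:34} -> {', '.join(observers(name, local))}")
```
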