Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Joe Abley <jabley@hopcount.ca> Sat, 10 February 2018 21:21 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7A0D12DA53 for <dnsop@ietfa.amsl.com>; Sat, 10 Feb 2018 13:21:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hopcount.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zcN4GQkVWOrI for <dnsop@ietfa.amsl.com>; Sat, 10 Feb 2018 13:21:54 -0800 (PST)
Received: from mail-yw0-x229.google.com (mail-yw0-x229.google.com [IPv6:2607:f8b0:4002:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A76012706D for <dnsop@ietf.org>; Sat, 10 Feb 2018 13:21:54 -0800 (PST)
Received: by mail-yw0-x229.google.com with SMTP id m84so7542838ywd.5 for <dnsop@ietf.org>; Sat, 10 Feb 2018 13:21:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pJd8Q3uJ4I41B7Jj+GOUeJl2WZTXB6hXzjSmhsPm3Eo=; b=OtqhlkO08w6b28/DjTSFIe1JPFQzuM2F/OLR2Qasxsxc7JsSyaMmOaKDpfTByWm19l 1n8XeSwhI14qcVrF/p98alGb/7bdpVB8R3OaSdx57xb5K1bLFOhDolw5n/tDfYJ+66kd HCbU+IMaKJTQuVxqCYcECqOaLg+7KdinYh6bw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=pJd8Q3uJ4I41B7Jj+GOUeJl2WZTXB6hXzjSmhsPm3Eo=; b=JuvGG5lBTvr6cighy2jE9FyeA99IEah7xNoT22E+P8cvRZVKw5d4k0dd3EMKRE/Bmy bqE37aU9zbrrFQ8zfugvlTW9vGqSMY+EQFzvDgkHY/7tXothyfEu0ug81BqKxDY5Ax0z Ft5RCMB45dD7Quag0sYsdFYGZlpSXUYx/GZ2wnw4uq6xCv9SoXS7/VBI2U2MHHmSCYBB MI+iMpRzk/HVvZ2MD0Hnd1UZpW78Tg8C+BlsJX0xIDsC19i8DqWzmdRL3EOmkhkHPDWB 5O9nh/3ijfTF9O10plwC0Qb/ZRaLQbv82cVVONBQaml8Ii6Yxgsq+LbW3QUEp1FQTAj5 tpdA==
X-Gm-Message-State: APf1xPBu7NI0XUYM5TEKbOSJV1qfOQljOZ0r+sDj3kGU4dVnSHcl94s3 K7DDhP8/2vxtSCLJmbvw+xwKTLEF3O4=
X-Google-Smtp-Source: AH8x227p4I3xduXKGhZIKpgaUeemHVELDAv/OXKQDNK9KDLLoVu5vIUWKUkmfQoY0cpQPfD4TYzwsg==
X-Received: by 10.13.232.21 with SMTP id r21mr3586826ywe.94.1518297712704; Sat, 10 Feb 2018 13:21:52 -0800 (PST)
Received: from ?IPv6:2607:f2c0:101:3:3c20:6629:9cd7:dad8? ([2607:f2c0:101:3:3c20:6629:9cd7:dad8]) by smtp.gmail.com with ESMTPSA id w143sm2038309ywg.104.2018.02.10.13.21.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 10 Feb 2018 13:21:51 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (1.0)
From: Joe Abley <jabley@hopcount.ca>
X-Mailer: iPad Mail (15D60)
In-Reply-To: <CAHw9_i+OhMckTx5rniXTJJHXZXHtHt8wYO2XU9_kCmdW+nswfg@mail.gmail.com>
Date: Sat, 10 Feb 2018 16:21:50 -0500
Cc: Andrew Sullivan <ajs@anvilwalrusden.com>, dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <78DB0408-9870-4855-936A-3C4774B2CDE7@hopcount.ca>
References: <2B1DC084-C6EA-41DA-9029-5E230874FCBE@isc.org> <29F25C57-31D1-4A07-875D-16E7612DB993@fugue.com> <E4C5AA7E-E9C1-4E53-ABE0-676A9B7B3269@isc.org> <618D31E1-8EC7-4F75-BD97-31D42CB1E681@fugue.com> <40992CF7-5740-43ED-8B78-8D8A9B50A15C@isc.org> <F28D0F1D-416E-4016-8A5A-95173FFFAA4E@fugue.com> <CANLjSvVd+vj8M+vBOokfpOL1fmq2iU9JAhSCd6eY_aoE1p5SMQ@mail.gmail.com> <97783B49-11C9-47F1-8F73-3D909C9B4DC4@fugue.com> <CANLjSvUV1RPR8nhLXCEL0WT9=2Lqb+4STh+7gSRPvv_Mmf-NTA@mail.gmail.com> <698033B2-09A6-4E66-82AD-04906D4DEA1B@fugue.com> <20180209225508.GC974@mx4.yitter.info> <CAHw9_i+OhMckTx5rniXTJJHXZXHtHt8wYO2XU9_kCmdW+nswfg@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/G36Vg-sSZEWa8v5OQQQbNSRfqIg>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Feb 2018 21:21:56 -0000

Hi Warren,

I think the advice is good, but I wonder what the practical effect of writing it down would be. I doubt it would change any of the entrenched habits in enterprise systems and networking in our remaining lifetimes, for example, but perhaps I'm just being overly grumpy and am ignorant of some important dynamic that would change for the better.

On the other hand if the goal is simply to try and ensure that future work product of the IETF doesn't depend on search list processing, perhaps that's worth writing down? If we are the intended audience and the document's purpose is to document a consensus decision, perhaps that's a reason to work on it.


Joe

> On Feb 10, 2018, at 15:21, Warren Kumari <warren@kumari.net> wrote:
> 
>> On Fri, Feb 9, 2018 at 10:55 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>> Hi,
>> 
>>> On Tue, Feb 06, 2018 at 12:50:18AM -0500, Ted Lemon wrote:
>>> That's pretty clear.   This document is not forbidding the appearance of such names in the DNS, nor the resolution of such names.
>>> 
>> 
>> Instead, it is wanting to have its cake and eat it too.  Because…
>> 
>>> 
>>>   Note, however, that the admonition against searchlist usage could
>>>   affect their resolution in practice, as discussed in Section 3
>> 
>> …of the "admonition" (or whatever you want to call it).  In effect,
>> the document requires special-casing of "localhost" as a label in
>> every searchlist context.
>> 
>> If the goal is to say, "The search list is evil, and should not be
>> used," then say that.
> 
> <with no hats at all>
> Interestingly enough, Steve Sheng and I wrote just such a document a
> number of years ago (around the time of the initial name-collisions
> drama). Even though I'm 95% sure it included the phrase "tilting at
> windmills" my search foo fails me at the moment... but it basically
> deprecated search list processing in the DNS.
> There are many things which would be safer, less complex, and safer if
> search lists didn't exist -- would people be interested in discussing
> the idea, or is it just too out there?
> </hats>
> 
> 
>> Otherwise, what this document is _really_ doing
>> is altering STD13's search list processing, to include special-casing
>> of down-tree names.
>> I think that is the case despite this bit:
>> 
>>>       Application software MUST NOT use a searchlist to resolve a
>>>       localhost name.  That is, even if DHCP's domain search option
>>>       [RFC3397 <https://tools.ietf.org/html/rfc3397>] is used to
>>>       specify a searchlist of "example.com" for a given network,
>>>       the name "localhost" will not be resolved as
>>>       "localhost.example.com." but as "localhost.", and
>>>       "subdomain.localhost" will not be resolved as
>>>       "subdomain.localhost.example.com." but as
>>>       "subdomain.localhost.".
>> 
>> The reason I think that is because of the earlier part:
>> 
>>   2.  Application software MAY recognize localhost names as special, or
>>       MAY pass them to name resolution APIs as they would for other
>>       domain names.
>> 
>> If you can just pass this to a resolution API, then it's actually the
>> resolution API that needs to know to handle the search list rules
>> according to this new specification (this part of the specification
>> does not say that you can only use the API if you can tell the API not
>> to use search lists, &c).
>> 
>> I really do sympathise with the goal of the document, but I think it
>> is making a bigger change than it seems to understand.  And anyway, I
>> don't understand how the original 6761 text is the wrong approach:
>> given that it isn't even being followed on the Internet today, there's
>> no reason to suppose that this alternative approach is going to make
>> things any better.
>> 
>> Best regards,
>> 
>> A
>> 
>> --
>> Andrew Sullivan
>> ajs@anvilwalrusden.com
>> 
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
> 
> 
> 
> -- 
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>   ---maf
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop