Re: [DNSOP] draft-lewis-domain-names-00.txt

Edward Lewis <edward.lewis@icann.org> Mon, 21 September 2015 14:50 UTC

From: Edward Lewis <edward.lewis@icann.org>
To: Jim Reid <jim@rfc1035.com>, Joe Abley <jabley@hopcount.ca>
Date: Mon, 21 Sep 2015 14:50:25 +0000
Message-ID: <D2258D17.F334%edward.lewis@icann.org>
References: <D2209363.F235%edward.lewis@icann.org> <CAKr6gn1aM0=Mi3343aaXKc=WtqGnJqoQm64+r4LDKzT0MyAF7A@mail.gmail.com> <14957733-EB45-45ED-9B5C-55B0943CDACD@fb.com> <45A1C205-3DF1-40A3-9282-CA8344805CBE@hopcount.ca> <FAF424AD-E95C-4D0B-9C9E-CCCD95B44181@rfc1035.com>
In-Reply-To: <FAF424AD-E95C-4D0B-9C9E-CCCD95B44181@rfc1035.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/GG4cf-r6UIAr1kai1gRXcMB-E7s>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] draft-lewis-domain-names-00.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>

On 9/18/15, 12:51, "DNSOP on behalf of Jim Reid" <dnsop-bounces@ietf.org
on behalf of jim@rfc1035.com> wrote:

>
>On 18 Sep 2015, at 17:19, Joe Abley <jabley@hopcount.ca> wrote:
>
>> Whether or not we should call an onion or mdns name a "domain name" or
>>something else is just a detail. I don't think agreeing on the answer is
>>going to solve any of the problems that we actually have
>
>+1

I'm a little surprised at this response and the plus one.

Here's the problem I see.

Let's say I want to write a very basic SSH client (just to make the story
simple).  Someone can then type "eds-ssh computer-name" and open up a
secured connection.

If computer-name ends in .local, I open TCP to an IP address from the
lookup in mDNS.

If computer-name ends in .onion, I open TCP to an IP address I get via Tor
(assuming that .onion supports remote shell).

If computer-name ends in a digit, I suppose it's an address literal and
open TCP accordingly.

If computer-name ends in whatever is in the DNS root zone, I find the
address in DNS.

If computer-name ends in something not in the DNS root zone, I return an
error.

The gotchas include, what if the latter two are indistinguishable because
the DNS resolver sent back a landing page - or the latter three if the
redirection service didn't recognize .onion as special.

What if, in a year from now, .carrot becomes yet another way to resolve
names?

What if, in the future, .alt is defined as having special meaning?  (Note
- the fact that .alt is in an actual ID and .carrot is purely fictional
means .carrot is closer to being an RFC. ;))

It seems to me that a new layer of software is emerging between the UI and
the stub resolver, one that will need to know where to send a name
resolution query.  (Perhaps even amongst DNS stub resolvers on different
interfaces.)  This emerging layer needs to know how to direct its
workflow.  The Special Use Domain Names Registry would be the place to start
(but as it's written now, the emerging layer can't be future proofed).

These are just TLD examples, perhaps a simplification.

I see a fork in the codepath ahead regarding "whether the DNS is above
Domain Names" (like .alt) or whether "Domain Names are broader than what
was conveniently defined for a DNS".  It's important to know which of
those two statements is true so we can get on with Special Use Domain
Names, and perhaps to find ways to objectively assign new names for new
uses.

I think defining -whether- name.onion is a Domain Name will make us
re-think how Domain Names interoperate amongst protocols beyond the DNS.
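As an added illustration (not code from this message, from ICANN, or from any IETF draft), here is the suffix-based dispatch the "eds-ssh" sketch above describes, written in Python. The special-use table is a small subset taken from RFCs 6761, 6762 and 7686, the root-zone set is a constructed stand-in for the real delegations, and the mechanism names are assumptions. It makes two points the sketch leaves implicit: address literals are better detected with a real parser than by "ends in a digit" (IPv6 literals such as "2001:db8::" do not end in a digit), and the branch decision is taken from local tables before any query is sent, so a resolver that hands back a landing-page address for an unknown suffix cannot turn the "error" branch into the "DNS" branch. Because the special-use table is data, a future ".carrot" is one added entry rather than a code change.

```python
import ipaddress

# Dispatch targets. Plain strings so a new mechanism (the ".carrot" case)
# can be added to the table below without touching the code.
LITERAL, MDNS, TOR, LOOPBACK, DNS, ERROR = (
    "address-literal", "mdns", "tor", "loopback", "dns", "error")

# Suffix -> mechanism. Illustrative subset of the IANA Special-Use Domain
# Names registry, taken from RFCs 6761, 6762 and 7686; not a complete copy.
SPECIAL_USE = {
    "local": MDNS,          # RFC 6762: resolve via Multicast DNS
    "onion": TOR,           # RFC 7686: never send to DNS, hand to Tor
    "localhost": LOOPBACK,  # RFC 6761 s6.3: loopback, no DNS query
    "invalid": ERROR,       # RFC 6761 s6.4: fail immediately
}

# Constructed, deliberately tiny stand-in for the root zone's delegations.
ROOT_ZONE = frozenset({"com", "net", "org", "arpa", "int", "uk", "de", "jp"})


def is_address_literal(name):
    """True for IPv4/IPv6 literals, including bracketed IPv6 ("[::1]").

    A real parser replaces the 'ends in a digit' heuristic, which misses
    IPv6 literals like "2001:db8::" and "::1"."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False


def classify(name, root_zone=ROOT_ZONE, special=SPECIAL_USE):
    """Return the mechanism that should resolve `name`.

    The decision uses only local tables and is made before any query is
    sent, so nothing a recursive resolver answers (for example a landing
    page address instead of NXDOMAIN) can move a name between branches."""
    if is_address_literal(name):
        return LITERAL
    # Trailing dot (FQDN form) and letter case are not significant.
    labels = name.rstrip(".").lower().split(".")
    tld = labels[-1]
    if not tld:
        raise ValueError("empty name: %r" % name)
    if tld in special:          # special-use names take precedence
        return special[tld]
    if tld in root_zone:        # delegated in the root: ordinary DNS
        return DNS
    return ERROR                # unknown suffix: refuse, do not ask DNS


if __name__ == "__main__":
    # Constructed sample inputs; none of these names are real hosts.
    for n in ["printer.local.", "abcdefghijklmnop.onion", "192.0.2.10",
              "[2001:db8::1]", "2001:db8::", "www.example.com",
              "LOCALHOST", "box.carrot"]:
        print("%-26s -> %s" % (n, classify(n)))
```

Adding a future mechanism is a table edit: `classify("box.carrot", special={**SPECIAL_USE, "carrot": "carrot-protocol"})` dispatches to the new branch while the unchanged table still returns "error" for it, which is the future-proofing the message asks of the registry.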