IETF Logo Mail Archive

Re: [DNSOP] [EXT] Re: draft-schanzen-gns and draft-ietf-dns-alt-tld

"Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org> Mon, 08 August 2022 10:16 UTC

Return-Path: <rfc-ise@rfc-editor.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66E8BC15C52B for <dnsop@ietfa.amsl.com>; Mon, 8 Aug 2022 03:16:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 35iAgzAJBu3J; Mon, 8 Aug 2022 03:16:16 -0700 (PDT)
Received: from [IPV6:2001:420:c0f8:1003::56] (unknown [IPv6:2001:420:c0f8:1003::56]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPSA id C8991C15A737; Mon, 8 Aug 2022 03:16:08 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------1JXH3I5o944SqxDOwvedFo1a"
Message-ID: <c9031076-a424-887a-3c1d-b8beb0746f84@rfc-editor.org>
Date: Mon, 08 Aug 2022 12:16:05 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-US
To: Joe Abley <jabley@hopcount.ca>, Christian Huitema <huitema@huitema.net>
Cc: George Michaelson <ggm@algebras.org>, John Levine <johnl@taugh.com>, dnsop@ietf.org
References: <59965e06-b0bc-5cff-98c8-4809b2d7ff39@huitema.net> <5F5F9843-078B-4716-8723-733DC2FF3726@hopcount.ca>
From: "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
In-Reply-To: <5F5F9843-078B-4716-8723-733DC2FF3726@hopcount.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/IVzS8tMJjiR4O6pz0eyr6WyzHQw>
Subject: Re: [DNSOP] [EXT] Re: draft-schanzen-gns and draft-ietf-dns-alt-tld
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2022 10:16:17 -0000

Hi Joe, Dave, Christian, John, George, and others,

Thank you for taking the volume down a notch.  It is much appreciated.

The ISE is looking for a way to have the work of the GNS published such 
that I am comfortable that if it achieves wild success (RFC 5218), its 
use is reasonably safe.  I use squishy words like “comfortable” and 
“reasonably safe”, because nobody here (especially me and including the 
researchers) has enough experience with the mechanisms involved to fully 
understand the security properties of this new namespace.

 From a researcher perspective, they would surely want to see their work 
used, and that implies a few things in general:

 1. Ease of implementation: ability to re-use code, including all of the
    parsers we have that handle DNS names, I18N, etc.
 2. Ease of deployment: ability to use whatever application and OS
    interfaces such as nsswitch.conf, a plugin in a browser, etc.
 3. A means to interface with the rest of the world, occasionally
    interacting with DNS.

Syntax changes, such as those John and others suggested (in fact I put 
this forward to the authors as an option), really don't advance the 
above goals.  But it is these very properties that gives rise to 
concerns around conflicts, leakage, and ambiguities, and all the 
assorted pain that RFC 8244 catalogs.

The community has more choices than Christian indicated.  One is that 
“You” carve out some space for namespaces like GNS, just as George 
suggested.  Warren's draft seems to comport itself to contours of that 
concept, which is why I came here. Also, the authors of 
draft-schanzen-gns seem to think that it is close to something they 
could use to be willing to engage here.  It also seems to me that such a 
draft is, roughly speaking, in line with the general principles of 
SSAC-113, as Andrew alluded, even if that document had the different 
goal of enabling privately or locally scoped namespaces.  Of course, 
there may be other approaches.

I caution against those approaches that would set such a high bar that 
they would require researchers to fork out hundreds of thousands of 
dollars on application fees alone plus who knows how much else for, as 
someone else wrote, an uncertain outcome.  They'll simply go elsewhere. 
That in itself would encourage squatting (or whatever you want to call 
it).  The benefits of avoiding squatting accrue not only to those 
researchers, but to those who use their technology, and others as well.

I put “You” in quotes above, because (a) it's not me who will decide 
these lofty issues, and I also don't get to decide who will.  The ISE 
only gets to decide about whether or not to publish the GNS draft as an 
RFC.  If the argument is truly over who “You” is rather than the 
solution, your friendly neighborhood ISE requests that You work that out 
in such a way that these researchers don't get caught in the switches.*  
If that requires one last invocation of 6761 or whatever else, then 
please consider it.  Let's call August “Be Kind to Namespace Researchers 
Month”!

Regards,

Eliot

* Ironically, when I typed "caught in the switches expression origin" 
into Google, one of the responses was a link to the Wikipedia entry for 
"Halt and Catch Fire".  Let's not let that happen here either ;-)

v2.23.0 | Report a Bug | By Email