Re: [DNSOP] Public Suffix List

Andrew Sullivan <ajs@commandprompt.com> Mon, 09 June 2008 21:42 UTC

Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@optimus.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 03F3D3A689A; Mon, 9 Jun 2008 14:42:03 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A40073A689A for <dnsop@core3.amsl.com>; Mon, 9 Jun 2008 14:42:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.549
X-Spam-Level:
X-Spam-Status: No, score=-1.549 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mnCfpLsI+RdB for <dnsop@core3.amsl.com>; Mon, 9 Jun 2008 14:42:00 -0700 (PDT)
Received: from lists.commandprompt.com (host-159.commandprompt.net [207.173.203.159]) by core3.amsl.com (Postfix) with ESMTP id C8C603A67AD for <dnsop@ietf.org>; Mon, 9 Jun 2008 14:42:00 -0700 (PDT)
Received: from commandprompt.com (227-54-222-209.mycybernet.net [209.222.54.227]) (authenticated bits=0) by lists.commandprompt.com (8.13.8/8.13.8) with ESMTP id m59Lhq4g006299 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <dnsop@ietf.org>; Mon, 9 Jun 2008 14:43:56 -0700
Date: Mon, 9 Jun 2008 17:42:16 -0400
From: Andrew Sullivan <ajs@commandprompt.com>
To: dnsop@ietf.org
Message-ID: <20080609214215.GF10260@commandprompt.com>
References: <484CFF47.1050106@mozilla.org> <20080609142926.GC83012@commandprompt.com> <484D4191.104@mozilla.org> <20080609154002.GA93967@commandprompt.com> <484D5206.3000806@mozilla.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <484D5206.3000806@mozilla.org>
User-Agent: Mutt/1.5.17 (2007-11-01)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (lists.commandprompt.com [207.173.203.159]); Mon, 09 Jun 2008 14:43:56 -0700 (PDT)
Subject: Re: [DNSOP] Public Suffix List
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

On Mon, Jun 09, 2008 at 04:53:42PM +0100, Gervase Markham wrote:

> > What you're really
> > trying to do here is extract meaning from the domain name, but you
> > can't do that reliably.  Previous efforts in that direction have
> > failed in unexpected ways; and given that you seem to have multiple
> > ways you want to use this feature, I don't see any reason to believe
> > you won't have surprising failures too.
> 
> I think your statements of doom need to be more specific.

I think you may be misplacing the burden of proof there.  We have
previous cases where apparently innocent inference of this sort of
metadata about domains turned out to be harmful.  I'm arguing, by way
of analogy, that it is not unreasonable to suppose your approach may
cause harm too.

Your response appears to be that you won't cause that kind of harm.
I'm sure that's true.  But my argument is that, because you are
relying on meanings that simply aren't in the DNS at all, your feature
is automatically fragile.  It will behave in ways that are surprising,
because the behaviour of cookies (and, for that matter, of grouping of
history stuff) will be based on hard-coded bits inaccessible to any
user unwilling to read the source code.  Also, new operators of
various
domains that may want to behave differently than your current
expectation will be disadvantaged by what you're doing.  Without
getting every current user in the world to upgrade their client, they
will continue to suffer that disadvantage to some extent.  That seems
like a kind of "harm" to me, but I appreciate that we may have
different meanings of that word.

Best regards,

A

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop