Re: [DNSOP] Some distinctions and a request - Have some class?

joel jaeggli <joelja@bogus.com> Fri, 03 July 2015 15:54 UTC

To: Warren Kumari <warren@kumari.net>, manning <bmanning@karoshi.com>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <5596B025.8050607@bogus.com>
Date: Fri, 03 Jul 2015 08:54:13 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/JOtOzjJXXKbb8r-XWqkEfoLF2ZM>
Cc: Robert Edmonds <edmonds@mycre.ws>, "dnsop@ietf.org" <dnsop@ietf.org>, Andrew Sullivan <ajs@anvilwalrusden.com>

On 7/3/15 7:01 AM, Warren Kumari wrote:
> On Fri, Jul 3, 2015 at 9:43 AM, manning <bmanning@karoshi.com> wrote:
>> Actually, there IS an escape method already defined. We just don’t use it much these days.
>> It’s called “class”
>>
>> There is no reason these alternate namespaces should sit in the IN class. They could/should be in their
>> own class, like the old CHAOS protocols. So a class “ONION” or “P2P” would work out very nicely.
> 
> Yup, but the problem is that people want to be able to enter the
> alternate namespace names into existing applications (like browsers,
> ssh, etc), just like a "normal" DNS name. They want to be able to
> email links around (like https://facebookcorewwwi.onion/ ) and have
> others click on them, etc.
> 
> There is no way that I know of to tell e.g. Safari to look this up in a
> different class... and, even if there were, they would *still* leak,
> because people are lazy...

Well before we just started typing stuff in and let heuristics and
search engines divine what we meant, we had URNs. I will not suggest
that we're going back there UI wise but the heuristics can get more
expressive. This can be largely a UI issue today in Chrome, if I want to
send my query to a particular application e.g. Wolfram Alpha I do "= "
and proceed.

UI grooming in no way prevents leakage. Nor does it preclude you from
having to divine the intentions of the user.

> W
> 
>>
>> After all it’s the Domain Name System. (can comprehend names in multiple domains, not just the Internet)
>>
>> manning
>> bmanning@karoshi.com
>> PO Box 12317
>> Marina del Rey, CA 90295
>> 310.322.8102
>>
>>
>>
>> On 2July2015Thursday, at 20:56, manning <bmanning@karoshi.com> wrote:
>>
>>>
>>> On 2July2015Thursday, at 18:21, Robert Edmonds <edmonds@mycre.ws> wrote:
>>>
>>>> manning wrote:
>>>>> Therein lies the problem. These systems have no way to disambiguate a local v. global scope.
>>>>> It seems like the obvious solution is to ensure that these nodes do NOT have global scope, i.e. No connection to the Internets
>>>>> and no way to attempt DNS resolution. Or they need to ensure that DNS resolution occurs after every other “name lookup technology”
>>>>> which is not global in scope.
>>>>
>>>> I don't understand this point.  Since Onion hidden service names are
>>>> based on hashes derived from public keys surely they're globally scoped
>>>> (barring hash collisions)?
>>>>
>>>> --
>>>> Robert Edmonds
>>>
>>> If they _are_ globally scoped, what part of the local system decides which namespace to use, the ONION, the LOCAL, the P2P, the BIT, the BBSS, the DECnetV, the IXP, or the DNS…
>>> Where is search order determined? Does first match in any namespace win? What is the tiebreaker when there are label collisions between namespaces?
>>>
>>>
>>> /bill
>>