Re: [DNSOP] Accounting for Special Use Names in Application Protocols

Mark Nottingham <mnot@mnot.net> Tue, 05 February 2019 00:31 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAH1iCip3C-4YchDLur3AFSmQhzouVdP-VGcbt0F6Sj9dEse3CQ@mail.gmail.com>
Date: Tue, 5 Feb 2019 11:30:50 +1100
Cc: Tony Finch <dot@dotat.at>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Message-Id: <057BE2A8-2F36-4458-AE7A-8FC06ACF7C11@mnot.net>
References: <0A018ACB-9958-4202-9263-00EA864E2C5C@mnot.net> <CAH1iCipj0pxP+xD_QSy7CCo4KOPBGKr8Qn4aX5YuJw+E1GV0aA@mail.gmail.com> <alpine.DEB.2.20.1901081213100.3160@grey.csi.cam.ac.uk> <CAH1iCip3C-4YchDLur3AFSmQhzouVdP-VGcbt0F6Sj9dEse3CQ@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/P4VXnhCx0Br32dS22BZHzYlnk3o>
Subject: Re: [DNSOP] Accounting for Special Use Names in Application Protocols

I've modified that slightly to come up with this proposal:

"""
HTTP and HTTPS URIs rely on some name resolution mechanism(s) to interpret the authority field and ultimately convert it into an identifier (typically, IPv4 or IPv6 addresses). Often, this is DNS [ref].

When DNS is consulted for resolution of the authority field, this specification requires adherence to the requirements that all registered special use names [RFC6761] place upon applications; if they are not honoured, security, privacy and interoperability issues may be encountered.
"""

Make sense?

Thanks,


> On 9 Jan 2019, at 1:23 pm, Brian Dickson <brian.peter.dickson@gmail.com> wrote:
> 
> 
> On Tue, Jan 8, 2019 at 4:21 AM Tony Finch <dot@dotat.at> wrote:
> Brian Dickson <brian.peter.dickson@gmail.com> wrote:
> 
> > I think it might be good to scope the 6761 issue, with something like the
> > following:
> 
> [SNIP]
> 
> > > I.e. it is necessary to recognize all special use names, and necessary to
> > > not resolve such names via DNS.
> 
> That's going too far: special-use domain names must have specific
> instructions to application authors, which might say not to use the
> DNS or might say to use the DNS as usual.
> 
> Hi, Tony,
> You are, of course, right. I think what I meant was, for the specific case of .onion, (what I said),
> and for the general case, (what you said). I.e. wherever an RFC for specific special use name exists,
> as linked by the IANA registry, those particular instructions MUST be followed, especially if not following
> those rules might/would break things (like the case of .onion vs DNS).
> 
> Brian
> 
>  
> David Schinazi's comment on the GitHub issue about referring to the IANA
> registry is good, and perhaps more useful than referring to RFCs directly.
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
> Trafalgar: Northeast 3 or 4, increasing 5 at times. Moderate. Fair. Good.

--
Mark Nottingham   https://www.mnot.net/
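The proposal above asks HTTP clients to honour whatever each registered special-use name's RFC says before the authority is handed to DNS. The following is an added example of what that check looks like in a client; it is not code from the draft, from Mark, or from anyone else in the thread. It hard-codes a small, illustrative subset of the IANA Special-Use Domain Names registry with a one-word summary of each RFC's instruction (onion per RFC 7686, localhost/invalid/test/example per RFC 6761), and the `FakeDNS` resolver and its answers are constructed so the example runs offline; a real client would track the live registry and call its actual resolver.

```python
"""
Pre-resolution check for the HTTP(S) authority component: recognise registered
special-use domain names before any DNS query is sent.  Added example, not
part of the draft or the thread.  SPECIAL_USE is an illustrative subset of the
IANA Special-Use Domain Names registry; the Action for each entry is this
example's summary of what the registering RFC asks of applications.
"""
import ipaddress
from enum import Enum
from urllib.parse import urlsplit


class Action(Enum):
    DNS = "resolve via DNS as usual"
    LOOPBACK = "answer locally with the loopback address; do not query DNS"
    NEGATIVE = "fail immediately with a negative answer; do not query DNS"
    REFUSE = "refuse: the name belongs to another resolution system; do not query DNS"


# Assumed subset of the registry (see lead-in).  Entries cover the name itself
# and everything below it, e.g. 'foo.localhost' and 'x.invalid'.
SPECIAL_USE = {
    "onion": Action.REFUSE,        # RFC 7686: no DNS lookup outside Tor
    "localhost": Action.LOOPBACK,  # RFC 6761 s6.3: always loopback
    "invalid": Action.NEGATIVE,    # RFC 6761 s6.4: immediate negative answer
    "test": Action.DNS,            # RFC 6761 s6.2: treat like any other name
    "example": Action.DNS,         # RFC 6761 s6.5: treat like any other name
}


class SpecialUseError(Exception):
    """Raised when the registered behaviour forbids a DNS lookup for the name."""


def host_of(url):
    """Host from the URI authority: lowercased, trailing dot removed, IPv6
    brackets already stripped by urlsplit.  Userinfo and port are ignored."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URI has no host in its authority: %r" % url)
    return host.rstrip(".")


def is_ip_literal(host):
    """True for IPv4/IPv6 literals, which need no name resolution at all."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def special_use_action(host):
    """Longest-suffix match of the host against the registry subset."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SPECIAL_USE:
            return SPECIAL_USE[suffix]
    return Action.DNS


def resolve_authority(url, dns_lookup):
    """Resolve the authority of an HTTP(S) URI to a list of address strings.
    dns_lookup(host) is the caller's resolver; it is only invoked when the
    registry allows the name to go to DNS."""
    host = host_of(url)
    if is_ip_literal(host):
        return [host]
    action = special_use_action(host)
    if action is Action.LOOPBACK:
        return ["127.0.0.1", "::1"]
    if action in (Action.NEGATIVE, Action.REFUSE):
        raise SpecialUseError("%s: %s" % (host, action.value))
    return dns_lookup(host)


class FakeDNS:
    """Constructed stand-in for a resolver.  It records every query so the
    caller can confirm no special-use name leaked onto the wire."""

    def __init__(self, table):
        self.table, self.queries = table, []

    def __call__(self, host):
        self.queries.append(host)
        return self.table.get(host, [])


if __name__ == "__main__":
    dns = FakeDNS({"www.ietf.org": ["192.0.2.10"]})  # constructed answer
    for url in ["https://www.ietf.org/", "http://foo.localhost:8080/x",
                "http://[::1]/", "http://abc.onion/", "http://x.invalid/"]:
        try:
            print(url, "->", resolve_authority(url, dns))
        except SpecialUseError as err:
            print(url, "-> refused:", err)
    print("DNS queries actually sent:", dns.queries)
```

The point of the injected resolver is the last line of the demo: a client that honours the registry sends exactly one query (for `www.ietf.org`) and none for the `.onion`, `.invalid`, `.localhost` or literal-address authorities. Which names are special is a property of the registry, not of the client, so the table belongs in data a client can update rather than in code.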