Re: [DNSOP] New Version Notification for draft-adpkja-dnsop-special-names-problem-00.txt

"Joe Abley" <> Thu, 26 November 2015 17:05 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 464011A1B4C for <>; Thu, 26 Nov 2015 09:05:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6Myk8kmH-_9B for <>; Thu, 26 Nov 2015 09:05:13 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400d:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3BAA21A1B43 for <>; Thu, 26 Nov 2015 09:05:13 -0800 (PST)
Received: by qkda6 with SMTP id a6so28749386qkd.3 for <>; Thu, 26 Nov 2015 09:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-type; bh=g8ofMmQoRdCCs10Fg8w0skIj009VY5D5zNVAyG9zOqM=; b=Wg35ZFWScikrCNtihhykYYZS0ncmj75BAklgmcvYoMzEZASTaD6AhS2nY4i531WxK4 TadEsb682V9SwGYkeBhQO1iHAeKQwS0KxjSSbBkQs5scCnzXThknYMoiiOUaon1+yxoz LFeatOQDg9JHAhmpxEhgmaZnglTPQXHSZtrns=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-type; bh=g8ofMmQoRdCCs10Fg8w0skIj009VY5D5zNVAyG9zOqM=; b=m5cpU39jrHUclUvsz0LBn3gG5A18MVvazAcfkzZB9vG0PB7guu1k+rPQJBpaSyxQaS 7RI7fhPUli1fX6SksLhPP1y35lR1+SyOylkvHIhZQOygAnPYGebuSBGl2hD78hGrz8ZW io+llQJxUfrcmPEa310lC5Esq4vCGo6Lzvfdp7ISTS7j4FOmXW6YpaqZoEWPQ/epMMr4 lDNtJ6rSAL45CXPjQNQrnPXQNjvZkIkT3u9D5L+EkWdheZHDbUN48JkH+2wV8cDDW5hU Il0uvKvbtRCvJy3059jVUOb4tQjmt8lh8a+O/YEfNL5nv1jauoU/nfTLGqX9Zr4e6UPd Hc+Q==
X-Gm-Message-State: ALoCoQmARZ09nxCloqtDtpk0NZqXIrOMDrtgk+KTnTxltOQeqzOaI/3g4SvkTlsSXtPsY9vRG4I0
X-Received: by with SMTP id u27mr48594518qki.55.1448557512223; Thu, 26 Nov 2015 09:05:12 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id w198sm2539868qhb.26.2015. (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 Nov 2015 09:05:11 -0800 (PST)
From: Joe Abley <>
To: Patrik Fältström <>
Date: Thu, 26 Nov 2015 12:05:07 -0500
Message-ID: <>
In-Reply-To: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=_MailMate_15414789-BAA6-4ADA-A75C-DB5FA7D22C69_="; micalg="pgp-sha1"; protocol="application/pgp-signature"
X-Mailer: MailMate (1.9.3r5187)
Archived-At: <>
Cc: dnsop WG <>
Subject: Re: [DNSOP] New Version Notification for draft-adpkja-dnsop-special-names-problem-00.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Nov 2015 17:05:15 -0000

Hi Patrik,

On 25 Nov 2015, at 0:40, Patrik Fältström wrote:

> I have read this draft and have a number of comments. I can not say these are the only ones, but at least some :-)
> The dominant protocol for name resolution on the Internet is the
> Domain Name System (DNS).  However, other protocols exist that are
> fundamentally different from the DNS, but which have syntactically-
> similar namespaces.
> I claim that if it is syntactically similar and the names are used interchangeable in protocols (see below) we actually DO talk about use of the same namespace. This is the camel in the tent, and I think we should just admit, or say clearly whether we do talk about, which I think we do, one name space with multiple resolution mechanisms.

That's a possible direction. However, I don't know how far we will get with that approach, since every additional example of a name resolution protocol comes with an attendant list of exceptions, e.g.

 - LOCALHOST -- it's a single, dotless name, and there's no hierarchy
 - LOCAL -- child labels can contain spaces and UTF-8-encoded symbols, single-label depth
 - ONION -- a single, fixed-width second-level label (base32-encoded first 80 bits of a SHA-1 hash) and anything at all under that (not relevant to the name resolution protocol, but perhaps useful to applications)

I think the useful point to make is that the intersection of all these sets of possible names is non-empty -- that is, you can trivially find examples of names that are legitimate to more than one name resolution protocol, and hence a potential source of confusion to end-users and applications.

> When an end-user triggers resolution of a name on a system which
> supports multiple, different protocols for name resolution, it is
> desirable that the protocol to be used is unambiguous, and that
> requests intended for one protocol are not inadvertently addressed
> using another.
> It is not so much different protocols as different resolution mechanisms. If you say "protocol" here, it might sounds like if with the DNS protocol you can not use multiple different resolution mechanisms (which I think one can -- one of them using the root managed by ICANN).

Yes, I think it would be better to choose a distinct phrase for what we're talking about here and define it early. I've used "name resolution protocol" for this, but no doubt there are better alternatives.

> Such usage, which a few commenters have referred to as "protocol
> switching," is not limited to "protocol switch" in the strict sense
> of indicating specific protocols on the wire.  It could indicate to
> switch to another name space (eg .onion), use a different protocol
> (eg tor, or mdns), or indicate to use a local DNS scope by not using
> the DNS root for name resolution (eg .home in homenet) or something
> else altogether.
> It is important (which I think also Stephane indicated) that we talk about different resolution mechanisms for the name itself. We do not talk about how to access the service in question.

I agree.

> At the time of writing, three top-level domain names reserved by
> inclusion in the Registry are used by name resolution protocols other
> than the DNS:
>    LOCALHOST is used to refer to the host on which the name
>    resolution takes place, without reference to the DNS;
>    LOCAL is used by the Multicast DNS protocol specified in [RFC6762]
>    which is similar in some respects to the DNS, but which uses
>    different well-known port number and is limited to a particular
>    multicast scope;
>    ONION is used to construct names that designate anonymous hidden
>    services reachable via the Tor network using onion routing.
> I think a better text to describe ONION would be:
>    ONION is used to construct names that designate
>    services reachable via the Tor network using onion routing.
> What about EXAMPLE?

I think (but have no citations handy to support my thinking) that EXAMPLE is a reserved top-level label in the DNS, not an example of what Alain called a protocol switch.

> The lack of a more elegant way to specify a
> name resolution protocol in (for example) a URI amounts to an
> architectural oversight.
> the architecture we have both the URI scheme and if you look further the URN definition to manage all different kind of switches. And we do not have to wake up the old discussion again whether HTTP://EXAMPLE.COM/ in reality should be URI:HTTP://EXAMPLE.COM/

I think we were imagining that if we could go back in time and insist that URIs such as


unambiguously referred to the onion name resolution protocol, then there would be little chance that these names would leak into other name resolution protocols' infrastructure (like the DNS) and that might provide the basis of some kind of solution to the problem of random (e.g.) e-mailed URLs causing leakage when encountered by end-users and robots that don't know about (say) onion names.

Unfortunately, all attempts to confirm that time travel will be available to me in the future have failed, to date. So either returning to the past to change the URI specification would cause a world-ending rift in space-time, or time travel is fictional. Just quietly, I suspect it's the former.

So, given that it's too dangerous to cross the time streams to fix the URI format, let's go with the ugly but de-facto identifier we have, which is the top label. We don't have to like it, we just have to acknowledge begrudgingly that it exists. That's the intended message in the text.

> I think the key issue here is that the different "strings" that look like "domain names" (i.e. are within the same name space) are used interchangeable wherever in the URI (or even URN) definition where "domain names" are to be used.
> If we accept the notion that the most significant label of a domain
> name is actually a protocol switch, it implies that we are actually
> building a catalog of all top level domains that explain which are
> are switches.
> What about not-yet-allocated strings in this catalog?

The problem space includes the problem of how a future name resolution protocol architect should register a selector ("switch") for her protocol, how that registration should be handled (and by whom), and what the operational implications to everybody else will be, I think.

> I think it is important to say that as of today (at least), the default resolution mechanism is to use the DNS, although a non-existing string today imply one apply the search path algorithm to chase down names.

That seems sensible to me too, although I think we need to acknowledge that doing so probably risks some leakage of other namespaces into the DNS.

> In the case of [I-
> D.ietf-dnsop-onion-tld], leakage of ONION queries on the Internet
> might lead to disclosure of private information that, in some cases,
> might pose a risk to the personal safety of end-users.
> More, less or similar to leakage when people use non-FQDN and their search path create surprises?

Right. There is no privacy. There is only Zuul.

I think identifying possible information leakage is responsible and sensible. I would hope we could do that without inferring that such leakage is a reason for PANIC! ALL! CAPS! hysteria, but in a practical sense I think it's important that sensible expectations are shared.

> This document aims to provide a problem statement that will inform
> future work.  Whilst security and privacy are fundamental
> considerations, this document expects that that future work will
> include such analysis, and hence no attempt is made to do so here.
> See among other places SAC-057 <>