Re: [DNSOP] RFC 6761 discussion (“special names”)
Edward Lewis <edward.lewis@icann.org> Wed, 18 March 2015 15:46 UTC
From: Edward Lewis <edward.lewis@icann.org>
To: dnsop <dnsop@ietf.org>
Date: Wed, 18 Mar 2015 15:46:43 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/QgD64PWmXpUOyvNVZaZ_T_uiSW0>
Subject: Re: [DNSOP] RFC 6761 discussion (“special names”)

On 3/18/15, 10:29, "Jaap Akkerhuis" <jaap@NLnetLabs.nl> wrote:

>The pointer from Suzanne to the liaison statement shows that
>apparently this has been attended to in the past.

Executive summary of my message below. Count me as utterly confused regarding the topic and agreeing that a deeper, focused discussion is warranted.

The longer version:

Along the lines of agreeing with Jaap, I'm not sure I really understand the Special-Use Domain Names registry as much as I thought anymore.

The liaison statement is something I hadn't seen before, IMHO, if just because liaison statements aren't as accessible, searchable or well known as RFC's. More or less, this is a "communications" problem - publicizing results.

Nevertheless, reading the liaison statement I came across this and wondered if more specific material is available:

"Discussion of these requests under the process established in RFC 6761 has revealed difficulties in applying its guidelines in practice."

I'm inclined to see that RFC 6761 can be improved, but wonder what "difficulties" were the basis of the statement's conclusion. More detail here would be helpful, especially if someone has already taken the time to do the work.

Beyond the liaison statement, and back to the mission of the Special-Use Domain Names registry, I've had in mind that there is a separation between dotted strings that look like domain names and domain names themselves and this separation's inconsistent treatment is where we run into questions like whether something like .onion is a TLD or not or is deserving of being treated as a TLD.

(I've used the term transliterated-DNS names in probably an inappropriate way to distinguish between how the DNS writes domain names into its master [zone] files and how the DNS protocol transmits names in UDP. Personally I've attached significance to dotted strings that are also seen on the wire as opposed to names that never get converted when it comes to whether a name is a domain name or just a dotted string. Yes, I am in the weeds on this one.)

From what I've read, one interpretation of a name in the Special-Use Domain Names registry is that it shouldn't be delegated in the root zone.[0] Another interpretation is that DNS "surface software" (my unqualified term for the API's and stubs) return all requests for such a name as NXDOMAIN without consulting DNS servers[1]. Yet another interpretation is that applications ought to consult the registry and if the name is there, do not even think to ask the DNS "surface software" about it.[2]

Given these interpretations from what I've read, I move my marker to "a little confused" by the registry. Perhaps "defense in depth" principles say all of the interpretations ought to be applied.

So, in a way, I see the liaison statement asking the DNSOP WG to define the criteria for treating a name (thinking mostly of dotted strings) as qualifying for a technical reservation (perhaps via the Special-Use Domain Names registry) and possibly defining what such a reservation means to implementations.

[0] Raising the issue of how a protocol like WhoIs or RDAP would report the name.

[1] http://www.ietf.org/mail-archive/web/dnsop/current/msg13777.html
And I don't think that gethostbyname() returned the RCODE, but it's been many years since I looked. I appreciate that the message is using some shorthand, but this just adds to confusion. I.e., I read the first line as asking that the name be prevented from being in the root because it would be in the Special-Use Domain Name registry.

[2] http://www.ietf.org/mail-archive/web/dnsop/current/msg13765.html

PS - Even just reading RFC 6761 I get a bit confused. There's "if declaring a given name to be special would result in no change to any implementations, then that suggests that the name may not be special in any material way, and it may be more appropriate to use the existing DNS mechanisms" which though its "negative" grammar leaves me wondering if it means that the Special-Use Domain Names are to be treated differently in applications outside of DNS. But later there is this quote, "it has to be defined to return NXDOMAIN" which to me implies the DNS "surface software" or even its server software has to be modified.
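
Added example, not part of the original message or of any DNS implementation: a small Python model of the interpretations listed above, showing at which layer a special-use name is stopped and whether a query for it ever leaves the host. The registry excerpt, the `Outcome` names and the `resolve()` function are assumptions made for illustration.

```python
from enum import Enum

# Constructed excerpt of the registry: top-level names reserved by RFC 6761.
SPECIAL_USE = {"invalid", "test", "localhost", "example"}

class Outcome(Enum):
    REFUSED_BY_APP = "application never called the resolver"   # interpretation [2]
    NXDOMAIN_LOCAL = "stub answered NXDOMAIN without a query"  # interpretation [1]
    SENT_TO_DNS = "query left the host"                        # only [0] applies

def labels(name):
    """Split a presentation-format name into lowercase labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_special(name, registry=SPECIAL_USE):
    """True if the name is, or falls under, a registry entry.

    Matching is done on whole labels, so 'notinvalid' and 'invalid.com'
    do not match the entry 'invalid'.
    """
    ls = labels(name)
    return any(".".join(ls[i:]) in registry for i in range(len(ls)))

def resolve(name, app_checks, stub_checks, sent):
    """Model one lookup; 'sent' collects names that would appear on the wire."""
    if app_checks and is_special(name):
        return Outcome.REFUSED_BY_APP
    if stub_checks and is_special(name):
        return Outcome.NXDOMAIN_LOCAL
    # With neither check in place the name is exposed to recursive and root
    # servers; non-delegation in the root only guarantees the eventual answer.
    sent.append(name)
    return Outcome.SENT_TO_DNS

def leaked(names, app_checks, stub_checks):
    """Return the special-use names that reached the DNS under a given configuration."""
    sent = []
    for n in names:
        resolve(n, app_checks, stub_checks, sent)
    return [n for n in sent if is_special(n)]

if __name__ == "__main__":
    sample = ["db.invalid", "WWW.Test.", "invalid.com", "ietf.org"]  # constructed input
    for app, stub in [(False, False), (False, True), (True, False), (True, True)]:
        print(f"app={app} stub={stub} leaked={leaked(sample, app, stub)}")
```
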