Re: [DNSOP] DNSOPMoving forward on draft-ietf-dnsop-private-tld
Warren Kumari <warren@kumari.net> Mon, 02 August 2021 01:00 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AB4A3A0827 for <dnsop@ietfa.amsl.com>; Sun, 1 Aug 2021 18:00:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gqb0WM9NrcgQ for <dnsop@ietfa.amsl.com>; Sun, 1 Aug 2021 18:00:53 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5554F3A0825 for <dnsop@ietf.org>; Sun, 1 Aug 2021 18:00:53 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id x8so17314583lfe.3 for <dnsop@ietf.org>; Sun, 01 Aug 2021 18:00:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5zSsZuev53ILmrls/nv8St/TCUJbcLd/5wue/fqr7Kw=; b=YbDD6DEuKKfodcX2JE1m8SvW8JiEHr9rgCBLG3sj5r8MRIADnh8sHQ9Jw9xIhhGwpZ w8Xz5bAodYz76syWw8eKLtygwOtjc84JFnuV7yUCaslipjczoiZOnXmko21mRFxmLQLG jtT02tR23n77ujA+vxndxjskTMZj17Q0YVJ4BsfOq+CligclQNwLVpMJ612DIhIGCmq/ WyUDuOc1COFKgyEpLFpu5ZNxrbC0lYhKO9hMsJHOc3FlKIVw2MdoNGixgO+Xto1v7SY/ Ox1uHxgD8dXk2QmqSed5mLbvd6OOZARptJIeQqgmU4C8zQZP/JgptNxIqvz2Eok71AQi o2FQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5zSsZuev53ILmrls/nv8St/TCUJbcLd/5wue/fqr7Kw=; b=mQCpHLv/j3NWROuf83/R6Kbkz2DxZIzBMmseEhdQUFy8e5oRyweS6FwC6BVNKoo/y+ 9z5UXN5kz0N5VCPRecEGYxf/4hWVXI8s8m5l4oq+DXS1omkmAaPumpz2xhIbRCf3al1T QnWN7bBWV5T28j6AzzCCD+58c2djjATMc6RPPwrbTtQ6xbzva/xVu5D5mPQmoHyBKBVi lbNq7nUL0jly/dCmopu329vRRxMnkHr4e9UaVojMv5cZGNcqntWAIxxc3YwFVR0ZixWa 46aiMUxCOeQCAsZcFIlZyRg1ZwC8V5NZK361tr/1OEoxLSBZ1kyQ7UH8UQ87pJ51nEpn W09g==
X-Gm-Message-State: AOAM532ugF8LF3Xgi9sJuUva0GqiEQcPSwC5eu/JP5cUflfyc8nbWp4b aKm+cjdpCHNVDwgFy9ERP3GITBAJsqV7jSW0zHl93ym/uq4jQA==
X-Google-Smtp-Source: ABdhPJwy4esDl/vM8Ns8X7+n0gvZuFuNEVKekV+5sb6GApOfY9Ixp3TjpmZ3WGVNOjMFMIofhfqpoo6C+Fhktg/VACU=
X-Received: by 2002:a19:ac45:: with SMTP id r5mr10351732lfc.484.1627866049860; Sun, 01 Aug 2021 18:00:49 -0700 (PDT)
MIME-Version: 1.0
References: <E5E151E6-0BC0-44FE-BF7C-6B2ED207894F@dnss.ec> <ybleebfjurt.fsf@w7.hardakers.net> <F32FF440-D3C5-40B2-AAF0-F7671CE6DF52@dnss.ec> <5423bc8b-f99e-bcd3-834d-ed3e8cc53682@nthpermutation.com>
In-Reply-To: <5423bc8b-f99e-bcd3-834d-ed3e8cc53682@nthpermutation.com>
From: Warren Kumari <warren@kumari.net>
Date: Sun, 01 Aug 2021 21:00:14 -0400
Message-ID: <CAHw9_iLzEGPjwJHN0okK+BttT2og0oQVmeq63jzPXCS09ynAxw@mail.gmail.com>
To: Michael StJohns <msj@nthpermutation.com>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a4e8b105c8891911"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QkTr5Mxb6PyuUO1YW5FPgtx6vvo>
Subject: Re: [DNSOP] DNSOPMoving forward on draft-ietf-dnsop-private-tld
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 01:01:00 -0000
On Sun, Aug 1, 2021 at 6:04 PM Michael StJohns <msj@nthpermutation.com> wrote: > Actually, maybe there should be a general document "DNS Squatting > Considered Harmful"? I think that we (well, mainly ICANN) already have a large amount that says things along these lines. See below.. > I personally don't see any real difference > between squatting on "onion" vs squatting on "zz" except that we ended > up with a ex post facto approval of .onion. And that AIRC was a near > thing. > > So maybe: > > 1) The IETF and/or ICANN will not allocate any of the 2 letter country > codes as TLDs unless and until that code is allocated to a country by ISO. > There are already a number of documents which do things along these lines, including: Jon's RFC1591 (https://www.ietf.org/rfc/rfc1591.txt) which says: 2) Country Codes The IANA is not in the business of deciding what is and what is not a country. The selection of the ISO 3166 list as a basis for country code top-level domain names was made with the knowledge that ISO has a procedure for determining which entities should be and should not be on that list. and IANA already says much of this in "Eligible categories of top-level domains" (https://www.iana.org/help/eligible-tlds) Also RFC3071 - "Reflections on the DNS, RFC 1591, and Categories of Domains" says: These categories are clearly orthogonal to the association between the use of the IS 3166-1 registered code list [2] and two-letter "country" domain names. If that relationship is to be maintained (and I believe it is desirable), the only inherent requirement is that no two-letter TLDs be created except from that list (in order to avoid future conflicts). ICANN should control the allocation and delegation of TLDs using these, and other, criteria, but only registered 3166-1 two letter codes should be used as two-letter TLDs. In "ICANN and the International Organization for Standardization (ISO) - A Common Interest in ISO Standard 3166 -- https://www.icann.org/resources/pages/icann-iso-3166-2012-05-09-en", ICANN says: "In 2000, the ICANN Board of Directors recognized the ISO 3166 Maintenance Agency as the authoritative entity for country code designations and officially adopted the use of ISO 3166-1 and the 3166-MA exceptional reserved list as the set of eligible designations for ccTLD assignment (September 2000)." and "ISO 3166 is also used to determine the eligibility for an IDN ccTLD string under the IDN ccTLD Fast Track process. " Also: https://archive.icann.org/en/cctlds/gac-statements-concerning-cctlds-16dec01.htm has: Principles for Delegation and Administration of ccTLDs Presented by Governmental Advisory Committee - https://archive.icann.org/en/committees/gac/gac-cctldprinciples-23feb00.htm which says: 3.3 ‘Country code top level domain' or ‘ccTLD' means a domain in the top level of the global domain name system assigned according to the two-letter codes in the ISO 3166-1 standard, ‘Codes for the Representation of Names of Countries and Their Subdivisions.' In addition, RFC920 - Domain Requirements ( https://datatracker.ietf.org/doc/html/rfc920 ) says: "The initial top level domain names are: [...] Countries The English two letter code (alpha-2) identifying a country according the the ISO Standard for "Codes for the Representation of Names of Countries" [5]. We also have "RFC2240 - A Legal Basis for Domain Name Allocation": "The TLDs are functionally split up into 'generic' top-level domains (gTLDs) and two-letter ISO 3166 country domains for every country in which Internet connectivity is provided." > 2) Any one squatting on unassigned codes should not expect remediation > from either the IETF or ICANN if that code is later allocated to a country. 3) As a general matter TLDs of any form unassigned by ICANN should not > be used for private use. Please pursue a special assignment via the > IETF asking for concurrence from ICANN. Other language about how the > assignment might not occur, might occur, but not for the purpose > requested, etc. > Some existing work along these lines: RFC8244 - Special-Use Domain Names Problem Statement - https://datatracker.ietf.org/doc/html/rfc8244 RFC8023 - Report from the Workshop and Prize of Root Causes and Mitigation of Name Collisions - https://datatracker.ietf.org/doc/html/rfc8023 RFC7034 - A Method for Mitigating Namespace Collisions - https://datatracker.ietf.org/doc/html/rfc7304 SAC062 SSAC Advisory Concerning the Mitigation of Name Collision Risk - https://www.icann.org/en/system/files/files/sac-062-en.pdf SAC066 SSAC Comment Concerning JAS Phase One Report on Mitigating the Risk of DNS Namespace Collisions - https://www.icann.org/en/system/files/files/sac-066-en.pdf Name Collision Resources & Information - https://www.icann.org/resources/pages/name-collision-2013-12-06-en Name Collision in the DNS "A study of the likelihood and potential consequences of collision between new public gTLD labels and existing private uses of the same strings" -- https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf ICANN "Addressing the Consequences of Name Collisions" - https://www.icann.org/en/announcements/details/addressing-the-consequences-of-name-collisions-5-8-2013-en "Additional Reserved Top Level Domains - draft-chapin-additional-reserved-tlds-02 - https://datatracker.ietf.org/doc/html/draft-chapin-additional-reserved-tlds-02 ICANN Board Resolution "Addressing the New gTLD Program Applications for .CORP, .HOME, and .MAIL" - https://features.icann.org/addressing-new-gtld-program-applications-corp-home-and-mail If we write anything, I think that it is important that the WG and authors are familiar with the existing work related to the topic. W > > Mike > > > > On 8/1/2021 5:50 PM, Roy Arends wrote: > >> On 30 Jul 2021, at 23:34, Wes Hardaker <wjhns1@hardakers.net> wrote: > >> > >> Roy Arends <roy@dnss.ec> writes: > >> > >>> Essentially, instead of making the pond safe, we’ll have a warning > >>> sign that using the pond is at their own risk. > >> The wording of said warning sign is the critical element, IMHO. > >> Certainly my support of the document greatly depends on said wording. > > Sure. > > > >> In the end, there should be a goal behind why we want to publish > >> something. If that goal is "know people do this. don't do this. > >> please stop", then that may be a reasonable goal. If we're just going > >> to document history, without recommendations (to stop), then I think it > >> may bring more harm than good. > > IMHO, we should document that people do this, and that there are risks > when people do this, and document what these risks are. > > > > Warmly > > > > Roy > > _______________________________________________ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
- [DNSOP] Moving forward on draft-ietf-dnsop-privat… Roy Arends
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Joe Abley
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Paul Wouters
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Roy Arends
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Paul Wouters
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Paul Wouters
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Joe Abley
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Rob Wilton (rwilton)
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… John Levine
- Re: [DNSOP] DNSOPMoving forward on draft-ietf-dns… Wes Hardaker
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Benno Overeinder
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Ray Bellis
- [DNSOP] Moving WG documents forward Paul Hoffman
- Re: [DNSOP] Moving WG documents forward Василий Долматов
- Re: [DNSOP] Moving WG documents forward Benno Overeinder
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Roy Arends
- Re: [DNSOP] DNSOPMoving forward on draft-ietf-dns… Roy Arends
- Re: [DNSOP] Moving forward on draft-ietf-dnsop-pr… Andrew Sullivan
- Re: [DNSOP] DNSOPMoving forward on draft-ietf-dns… Michael StJohns
- Re: [DNSOP] DNSOPMoving forward on draft-ietf-dns… Warren Kumari
- Re: [DNSOP] DNSOPMoving forward on draft-ietf-dns… Michael StJohns