IETF Logo Mail Archive

Re: [DNSOP] DNSOPMoving forward on draft-ietf-dnsop-private-tld

Warren Kumari <warren@kumari.net> Mon, 02 August 2021 01:00 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AB4A3A0827 for <dnsop@ietfa.amsl.com>; Sun, 1 Aug 2021 18:00:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gqb0WM9NrcgQ for <dnsop@ietfa.amsl.com>; Sun, 1 Aug 2021 18:00:53 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5554F3A0825 for <dnsop@ietf.org>; Sun, 1 Aug 2021 18:00:53 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id x8so17314583lfe.3 for <dnsop@ietf.org>; Sun, 01 Aug 2021 18:00:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5zSsZuev53ILmrls/nv8St/TCUJbcLd/5wue/fqr7Kw=; b=YbDD6DEuKKfodcX2JE1m8SvW8JiEHr9rgCBLG3sj5r8MRIADnh8sHQ9Jw9xIhhGwpZ w8Xz5bAodYz76syWw8eKLtygwOtjc84JFnuV7yUCaslipjczoiZOnXmko21mRFxmLQLG jtT02tR23n77ujA+vxndxjskTMZj17Q0YVJ4BsfOq+CligclQNwLVpMJ612DIhIGCmq/ WyUDuOc1COFKgyEpLFpu5ZNxrbC0lYhKO9hMsJHOc3FlKIVw2MdoNGixgO+Xto1v7SY/ Ox1uHxgD8dXk2QmqSed5mLbvd6OOZARptJIeQqgmU4C8zQZP/JgptNxIqvz2Eok71AQi o2FQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5zSsZuev53ILmrls/nv8St/TCUJbcLd/5wue/fqr7Kw=; b=mQCpHLv/j3NWROuf83/R6Kbkz2DxZIzBMmseEhdQUFy8e5oRyweS6FwC6BVNKoo/y+ 9z5UXN5kz0N5VCPRecEGYxf/4hWVXI8s8m5l4oq+DXS1omkmAaPumpz2xhIbRCf3al1T QnWN7bBWV5T28j6AzzCCD+58c2djjATMc6RPPwrbTtQ6xbzva/xVu5D5mPQmoHyBKBVi lbNq7nUL0jly/dCmopu329vRRxMnkHr4e9UaVojMv5cZGNcqntWAIxxc3YwFVR0ZixWa 46aiMUxCOeQCAsZcFIlZyRg1ZwC8V5NZK361tr/1OEoxLSBZ1kyQ7UH8UQ87pJ51nEpn W09g==
X-Gm-Message-State: AOAM532ugF8LF3Xgi9sJuUva0GqiEQcPSwC5eu/JP5cUflfyc8nbWp4b aKm+cjdpCHNVDwgFy9ERP3GITBAJsqV7jSW0zHl93ym/uq4jQA==
X-Google-Smtp-Source: ABdhPJwy4esDl/vM8Ns8X7+n0gvZuFuNEVKekV+5sb6GApOfY9Ixp3TjpmZ3WGVNOjMFMIofhfqpoo6C+Fhktg/VACU=
X-Received: by 2002:a19:ac45:: with SMTP id r5mr10351732lfc.484.1627866049860; Sun, 01 Aug 2021 18:00:49 -0700 (PDT)
MIME-Version: 1.0
References: <E5E151E6-0BC0-44FE-BF7C-6B2ED207894F@dnss.ec> <ybleebfjurt.fsf@w7.hardakers.net> <F32FF440-D3C5-40B2-AAF0-F7671CE6DF52@dnss.ec> <5423bc8b-f99e-bcd3-834d-ed3e8cc53682@nthpermutation.com>
In-Reply-To: <5423bc8b-f99e-bcd3-834d-ed3e8cc53682@nthpermutation.com>
From: Warren Kumari <warren@kumari.net>
Date: Sun, 01 Aug 2021 21:00:14 -0400
Message-ID: <CAHw9_iLzEGPjwJHN0okK+BttT2og0oQVmeq63jzPXCS09ynAxw@mail.gmail.com>
To: Michael StJohns <msj@nthpermutation.com>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a4e8b105c8891911"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QkTr5Mxb6PyuUO1YW5FPgtx6vvo>
Subject: Re: [DNSOP] DNSOPMoving forward on draft-ietf-dnsop-private-tld
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Aug 2021 01:01:00 -0000

On Sun, Aug 1, 2021 at 6:04 PM Michael StJohns <msj@nthpermutation.com>
wrote:

> Actually, maybe there should be a general document "DNS Squatting
> Considered Harmful"?


I think that we (well, mainly ICANN) already have a large amount that says
things along these lines. See below..


> I personally don't see any real difference
> between squatting on "onion" vs squatting on "zz" except that we ended
> up with a ex post facto approval of .onion.   And that AIRC was a near
> thing.
>
> So maybe:
>
> 1) The IETF and/or ICANN will not allocate any of the 2 letter country
> codes as TLDs unless and until that code is allocated to a country by ISO.
>


There are already a number of documents which do things along these lines,
including:

Jon's RFC1591 (https://www.ietf.org/rfc/rfc1591.txt) which says:
2) Country Codes
    The IANA is not in the business of deciding what is and what is
    not a country.
    The selection of the ISO 3166 list as a basis for country code
    top-level domain names was made with the knowledge that ISO has a
    procedure for determining which entities should be and should not
    be on that list.

and IANA already says much of this in "Eligible categories of top-level
domains" (https://www.iana.org/help/eligible-tlds)


Also RFC3071 - "Reflections on the DNS, RFC 1591, and Categories of
Domains" says:
These categories are clearly orthogonal to the association between
   the use of the IS 3166-1 registered code list [2] and two-letter
   "country" domain names.  If that relationship is to be maintained
   (and I believe it is desirable), the only inherent requirement is
   that no two-letter TLDs be created except from that list (in order to
   avoid future conflicts).  ICANN should control the allocation and
   delegation of TLDs using these, and other, criteria, but only
   registered 3166-1 two letter codes should be used as two-letter TLDs.

In "ICANN and the International Organization for Standardization (ISO) - A
Common Interest in ISO Standard 3166 --
https://www.icann.org/resources/pages/icann-iso-3166-2012-05-09-en", ICANN
says:
"In 2000, the ICANN Board of Directors recognized the ISO 3166 Maintenance
Agency as the authoritative entity for country code designations and
officially adopted the use of ISO 3166-1 and the 3166-MA exceptional
reserved list as the set of eligible designations for ccTLD assignment
(September 2000)."
and
"ISO 3166 is also used to determine the eligibility for an IDN ccTLD string
under the IDN ccTLD Fast Track process. "

Also:
https://archive.icann.org/en/cctlds/gac-statements-concerning-cctlds-16dec01.htm
has:
Principles for Delegation and Administration of ccTLDs Presented by
Governmental Advisory Committee -
https://archive.icann.org/en/committees/gac/gac-cctldprinciples-23feb00.htm
which says:
3.3 ‘Country code top level domain' or ‘ccTLD' means a domain in the top
level of the global domain name system assigned according to the two-letter
codes in the ISO 3166-1 standard, ‘Codes for the Representation of Names of
Countries and Their Subdivisions.'

In addition, RFC920 - Domain Requirements (
https://datatracker.ietf.org/doc/html/rfc920 ) says:
"The initial top level domain names are:
[...]
Countries
     The English two letter code (alpha-2) identifying a country
      according the the ISO Standard for "Codes for the
      Representation of Names of Countries" [5].

We also have "RFC2240 - A Legal Basis for Domain Name Allocation":
"The TLDs are functionally split up into 'generic' top-level domains
   (gTLDs) and two-letter ISO 3166 country domains for every country in
   which Internet connectivity is provided."



> 2) Any one squatting on unassigned codes should not expect remediation
> from either the IETF or ICANN if that code is later allocated to a country.

3) As a general matter TLDs of any form unassigned by ICANN should not
> be used for private use.  Please pursue a special assignment via the
> IETF asking for concurrence from ICANN. Other language about how the
> assignment might not occur, might occur, but not for the purpose
> requested, etc.
>

Some existing work along these lines:
RFC8244 - Special-Use Domain Names Problem Statement -
https://datatracker.ietf.org/doc/html/rfc8244

RFC8023 - Report from the Workshop and Prize of Root Causes and Mitigation
of Name Collisions - https://datatracker.ietf.org/doc/html/rfc8023

RFC7034 - A Method for Mitigating Namespace Collisions -
https://datatracker.ietf.org/doc/html/rfc7304

SAC062 SSAC Advisory Concerning the Mitigation of Name Collision Risk -
https://www.icann.org/en/system/files/files/sac-062-en.pdf

SAC066 SSAC Comment Concerning JAS Phase One Report on Mitigating the Risk
of DNS Namespace Collisions -
https://www.icann.org/en/system/files/files/sac-066-en.pdf

Name Collision Resources & Information -
https://www.icann.org/resources/pages/name-collision-2013-12-06-en

Name Collision in the DNS
"A study of the likelihood and potential consequences of collision between new
public gTLD labels and existing private uses of the same strings"
 --
https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf

ICANN "Addressing the Consequences of Name Collisions" -
https://www.icann.org/en/announcements/details/addressing-the-consequences-of-name-collisions-5-8-2013-en

"Additional Reserved Top Level Domains -
draft-chapin-additional-reserved-tlds-02
 -
https://datatracker.ietf.org/doc/html/draft-chapin-additional-reserved-tlds-02

ICANN Board Resolution "Addressing the New gTLD Program Applications for
.CORP, .HOME, and .MAIL"
-
https://features.icann.org/addressing-new-gtld-program-applications-corp-home-and-mail


If we write anything, I think that it is important that the WG and authors
are familiar with the existing work related to the topic.

W




>
> Mike
>
>
>
> On 8/1/2021 5:50 PM, Roy Arends wrote:
> >> On 30 Jul 2021, at 23:34, Wes Hardaker <wjhns1@hardakers.net> wrote:
> >>
> >> Roy Arends <roy@dnss.ec> writes:
> >>
> >>> Essentially, instead of making the pond safe, we’ll have a warning
> >>> sign that using the pond is at their own risk.
> >> The wording of said warning sign is the critical element, IMHO.
> >> Certainly my support of the document greatly depends on said wording.
> > Sure.
> >
> >> In the end, there should be a goal behind why we want to publish
> >> something.  If that goal is "know people do this.  don't do this.
> >> please stop", then that may be a reasonable goal.  If we're just going
> >> to document history, without recommendations (to stop), then I think it
> >> may bring more harm than good.
> > IMHO, we should document that people do this, and that there are risks
> when people do this, and document what these risks are.
> >
> > Warmly
> >
> > Roy
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>


-- 
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
  -- E. W. Dijkstra

v2.23.0 | Report a Bug | By Email