[DNSOP] Re: [EXT] [dtn] Re: An Interplanetary DNS Model

"Sipos, Brian J." <Brian.Sipos@jhuapl.edu> Thu, 25 July 2024 14:13 UTC

Return-Path: <Brian.Sipos@jhuapl.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7E90C1D4A98; Thu, 25 Jul 2024 07:13:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fT6Ninx9VmFz; Thu, 25 Jul 2024 07:13:03 -0700 (PDT)
Received: from aplegw02.jhuapl.edu (aplegw02.jhuapl.edu [128.244.251.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A199C19ECBD; Thu, 25 Jul 2024 07:13:03 -0700 (PDT)
Received: from pps.filterd (aplegw02.jhuapl.edu [127.0.0.1]) by aplegw02.jhuapl.edu (8.17.1.19/8.17.1.19) with ESMTP id 46PBu94k029221; Thu, 25 Jul 2024 10:13:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=cc : content-type : date : from : in-reply-to : message-id : mime-version : references : subject : to; s=JHUAPLDec2018; bh=l+KbQIgwu8ticy5Slx/uWLOFW+PQwW1KH4Thy/hnr58=; b=llExUm7Jlw3mdaInqoYpmTKuFL5qYiolQ2zzFjpG8ZP+NZhKFrOuARlsKt0ZvxiK8Rem 1mwJNU0Pm4ElVBJ7+Mrx1eGSek/XBBN0j5MWx/6DPrJPdRxvyP9jtGFTUsB8BgeFk8Zu FvokpV9R8klhsZ8oDDICL8rdfuclElpLWpIFNQI2NLDeZ9LGITNwtzAiIUhQL+FhpSeX GbMUp8wyMoagcpygiwB/zTAc3nmRvDmZLRC/xriiadfsJOt9axmu8tWQMBz+EUZ/NwiW agPa6nnXoIgFX033Bp1shTpq8x1SkK/bwp3AiA5VLrOQQ6haTM7wVhe/6Xt3AHosOsHE Kw==
Received: from aplex25.dom1.jhuapl.edu (aplex25.dom1.jhuapl.edu [10.114.162.10]) by aplegw02.jhuapl.edu (PPS) with ESMTPS id 40g9f16dcy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 25 Jul 2024 10:13:02 -0400
Received: from APLEX21.dom1.jhuapl.edu (10.114.162.6) by APLEX25.dom1.jhuapl.edu (10.114.162.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Thu, 25 Jul 2024 10:12:50 -0400
Received: from APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2]) by APLEX21.dom1.jhuapl.edu ([fe80::20d7:9545:f01e:9b2%5]) with mapi id 15.02.1544.011; Thu, 25 Jul 2024 10:12:50 -0400
From: "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
To: Scott Johnson <scott@spacelypackets.com>, Marc Blanchet <marc.blanchet@viagenie.ca>
Thread-Topic: [EXT] [dtn] Re: [DNSOP] An Interplanetary DNS Model
Thread-Index: AQHa3QrNPLqZ8O2FikCtFZq5/IkiJLIFt8QAgADDugCAAAJSAIAAH38AgADXETA=
Date: Thu, 25 Jul 2024 14:12:50 +0000
Message-ID: <bdd9f024fb884af9adfa115e2971b598@jhuapl.edu>
References: <65daf988-f696-4f35-5a72-5b11ef4893b8@spacelypackets.com> <CAEhHO_MaUFraCuur2uYEBrRcdKUty3ZwoPsFeP3V1iXf5vQxxA@mail.gmail.com> <b098f7cb-e42b-c7e4-56b8-dcb9125c17e9@spacelypackets.com> <CAEhHO_P4VmCC0VfxHRPdnvUzzwamMThbcuQAp1N98yWTCd-Bsg@mail.gmail.com> <0685c4ca-0b10-d7a8-ccd4-507dc6755d1a@spacelypackets.com> <CAEhHO_PbrkKqaJsBD+Fih+i1rY5YN+9=Y-fNUpOp2PfXL+hAuA@mail.gmail.com> <41A7771E-8D08-4272-B457-F9FE61CD77A3@viagenie.ca> <358b7baa-d4f1-5f73-152b-768806efa0f3@spacelypackets.com>
In-Reply-To: <358b7baa-d4f1-5f73-152b-768806efa0f3@spacelypackets.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.162.18]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_003B_01DADE7B.33B737C0"
MIME-Version: 1.0
X-CrossPremisesHeadersFilteredBySendConnector: APLEX25.dom1.jhuapl.edu
X-OrganizationHeadersPreserved: APLEX25.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-25_13,2024-07-25_03,2024-05-17_01
Message-ID-Hash: G25YFE6BHJWN33UXTPZYH6MMOMBTJ4BW
X-Message-ID-Hash: G25YFE6BHJWN33UXTPZYH6MMOMBTJ4BW
X-MailFrom: Brian.Sipos@jhuapl.edu
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Lorenzo Breda <lorenzo@lbreda.com>, DTN WG <dtn@ietf.org>, dnsop <dnsop@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [EXT] [dtn] Re: An Interplanetary DNS Model
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/RlfVQgtzXUflyPRfIh5wknAABfM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

All,
I'm replying to a non-specific message in this chain just to mention that, similar to what Lorenzo brought up, any translation of identifiers (names or addresses) will be fraught with problems related to security and should not be done. There can be translation or mapping that happens in a way not visible to users/clients, but whatever identifiers are visible to the user/client need to have stable meaning across any network.

Naming authorities, such as PKIX CAs, need to rely on the fact that once a user proves ownership of a specific identifier that same identifier will not be used by other users (at least not simultaneously over a short time interval). Part of the reason why public CAs such as Let's Encrypt will not issue certificates for IP addresses is the prevalence of IP NATs, even though IP identifiers are allowed by the CA/Browser TLS baseline [1].

[1] https://cabforum.org/working-groups/server/baseline-requirements/documents/CA-Browser-Forum-TLS-BR-2.0.5.pdf

> -----Original Message-----
> From: Scott Johnson <scott@spacelypackets.com>
> Sent: Wednesday, July 24, 2024 4:44 PM
> To: Marc Blanchet <marc.blanchet@viagenie.ca>
> Cc: Lorenzo Breda <lorenzo@lbreda.com>; DTN WG <dtn@ietf.org>; dnsop
> <dnsop@ietf.org>
> Subject: [EXT] [dtn] Re: [DNSOP] An Interplanetary DNS Model
> 
> APL external email warning: Verify sender forwardingalgorithm@ietf.org before
> clicking links or attachments
> 
> Hi Marc,
> 
> On Wed, 24 Jul 2024, Marc Blanchet wrote:
> 
> >
> >
> >       Le 24 juill. 2024 à 11:42, Lorenzo Breda
> >       <lorenzo@lbreda.com> a écrit :
> >
> >
> > Why are you against leaving the current TLDs implicitly on Earth by
> > default?
> >
> >
> > Right. One do not need a special TLD for space. We can use what we
> > have and it just works fine.
> 
> I do not disagree with this notion as respects my proposed architecture.
> 3rd level domains mapped to off-world domains works just fine, for the low low
> price of annual domain renewal.  a tld representing each remote world is
> preferable, however, because it is just "cooler;" easier to use and more
> memorable than a much longer domain.  This, however, assumes we are talking
> about the same proposal, which we are not.
> 
> > One has just to be careful on remote resolution so that it contains
> > what is needed: trust chain, local names, ...
> >
> 
> Lets be clear here, Marc.  You are talking about a completely different solution
> than I am; one predicated on IP only.  Your comment on this thread, without
> context, only serves to confuse the other participants.
> 
> For example, you are talking about using F-root, right?  That is a very different
> thing than the functionality which I am describing, with significantly more
> network resource usage requirements.  My solution uses BP in some network
> segments.  Personally, I don't think your method will ever fly, primarily due to
> security reasons, but I don't troll your threads about it in a manner which would
> muddy the waters of those considering your proposal.  I don't mind healthy
> competition of ideas, but I do expect fair play.  If you wish to contrast the two
> methods, thats fine, yet unproductive, IMHO.  Just make sure the reader knows
> you are talking about your proposal, and not mine.
> 
> ScottJ
> 
> 
> 
> > This is discussed in:
> > - running IP in deep space (noBP<->IP):
> > https://www.ietf.org/archive/id/draft-many-deepspace-ip-asse
> > ssment-01.txt
> > - running DNS in remote places:
> > https://www.ietf.org/archive/id/draft-many-dnsop-dns-isolated-network
> > s-01.txt
> >
> >
> > Regards, Marc.
> >
> >
> >
> > --
> > Lorenzo Breda
> > _______________________________________________
> > dtn mailing list -- dtn@ietf.org
> > To unsubscribe send an email to dtn-leave@ietf.org
> >
> >
> >
> >