Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

[Lyman Chapin <lyman@INTERISLE.NET>]

On May 13, 2015, at 6:05 PM, David Conrad wrote:

> John,
> 
>> On May 13, 2015, at 1:51 PM, John Levine <johnl@taugh.com> wrote:
>>> The distinction I'm making suggests why corp and onion seem different.  They are, in this
>>> fundamental resolution nature.
>> 
>> I was under the impression that part of the problem with .corp was
>> that there were a lot of SSL certificates floating around.
> 
> The SSL cert aspect of CORP usage was a component of the concern, but not the sole problem.

I think it's important to recognize that the issues with corp/home/mail have to do with *scope*, not with whether or not the DNS should be involved in resolving them. The established usage of corp/home/mail depends (conceptually and in practice) on using "the DNS" for name resolution, but it also depends on the historical assumption that those names would never resolve outside of their local scope because they were not globally-valid TLDs. That's not the case for onion (for example).

>> With regard to the theory that ICANN has said they won't delegate
>> .corp, .home, and .mail, they've only said they're "deferred"
> 
> I believe this is true.
> 
>> So this isn't an ICANN issue, it's an IANA issue.
> 
> It is neither: it is a DNS operational issue. A "large" number of people are apparently squatting on CORP/HOME/MAIL. Delegation of those TLDs would thus impact that "large" number of people.

I think it is inaccurate (and unhelpful) to refer to the people who have been using corp/home/mail as squatters; most of them have simply been following what textbooks, consultants, and "best practice" guidelines have been advocating for a long time. They are not trying to claim or usurp territory that they (should) know doesn't belong to them; they have been playing by the rules that they learned when they studied for their Microsoft certification exams. We could go back in time and warn everyone that using a non-delegated name as the TLD anchor for an AD tree would someday turn out to be a problem, but absent that we have little justification for blaming them.

That having been said, I understand that you're agreeing with me that this is a DNS operational issue :-)

>> ICANN can't sell
>> .corp, .home, and .mail for the same reason they can't sell .arpa or
>> .invalid: they're already spoken for.
> 
> This is not true.

It's not, and John knows that, but it should be.

> ARPA is defined in RFC 3172 and the IAB "in cooperation with ICANN" are responsible for it.
> INVALID is defined in RFC 2606 which reserves its use.
> 
> CORP/HOME/MAIL are not defined anywhere (other than drafts).
> 
> But I suspect you know this, so I'm unclear why you claim "they're already spoken for."
> 
> ICANN can't "sell" CORP/HOME/MAIL because there are concerns related to security/stability with those TLDs that are, as yet, unresolved.

The security/stability concerns do not prevent ICANN from selling them. A decision by the IETF to reserve them would. My point from the beginning [1] has been that the operational stability of the Internet is the proper concern of the IETF; it is not a policy issue, or a domain name registry competition issue, or any of the other issues that are the proper concern of ICANN. I don't intend that as a negative comment about ICANN - I'm not saying "those guys would sell their .grandmother if they thought they could make a buck out of it, security and stability be damned." I'm saying that the IETF's core interest in a stable, operating Internet is the context in which the issue should be resolved.

- Lyman

[1] https://tools.ietf.org/id/draft-chapin-rfc2606bis-00.txt