IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-chapin-additional-reserved-tlds-02.txt

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 11 March 2015 03:06 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 477281A007A for <dnsop@ietfa.amsl.com>; Tue, 10 Mar 2015 20:06:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9gDxypxvyPlR for <dnsop@ietfa.amsl.com>; Tue, 10 Mar 2015 20:06:49 -0700 (PDT)
Received: from proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B34931A0058 for <dnsop@ietf.org>; Tue, 10 Mar 2015 20:06:47 -0700 (PDT)
Received: from [10.20.30.101] (50-1-99-2.dsl.dynamic.fusionbroadband.com [50.1.99.2]) (authenticated bits=0) by proper.com (8.15.1/8.14.9) with ESMTPSA id t2B36jG8099065 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 10 Mar 2015 20:06:46 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host 50-1-99-2.dsl.dynamic.fusionbroadband.com [50.1.99.2] claimed to be [10.20.30.101]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <0336D810-AF17-4760-A331-D6A569ABC5FB@rfc1035.com>
Date: Tue, 10 Mar 2015 20:06:44 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <FE859EA0-065A-48CC-9C75-D6A0D2D228DF@vpnc.org>
References: <20150302105857.16985.904.idtracker@ietfa.amsl.com> <54F4E124.3010406@gmail.com> <alpine.LFD.2.10.1503022129000.19140@bofh.nohats.ca> <alpine.LSU.2.00.1503031046080.23307@hermes-1.csi.cam.ac.uk> <50B802F4-26D3-4250-BEFE-5C5EAF2093A2@virtualized.org> <0336D810-AF17-4760-A331-D6A569ABC5FB@rfc1035.com>
To: Jim Reid <jim@rfc1035.com>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/Tq2G_SjzgY5MzgNutl7cYx4FiSo>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] I-D Action: draft-chapin-additional-reserved-tlds-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2015 03:06:50 -0000

On Mar 10, 2015, at 6:33 PM, Jim Reid <jim@rfc1035.com> wrote:
> On 11 Mar 2015, at 00:08, David Conrad <drc@virtualized.org> wrote:
> 
>> While true, these values will vary over time, location of collection, and myriad other reasons, probably including phase of moon. If we're going to reserve strings from ever being delegated, I believe we need to come up with some rationale beyond "because they showed up a lot at some root servers at this point in time."
> 
> In the absence of other objective, measurable data (sigh), going with what's seen at the root for some arbitrary shapshot(s) on arbitrary date(s) seems to be the least-worst option. It might even be the only option.

"We have known-bad data; let's go with that." (louder sigh)

>> If that is the only criteria, it would be relatively easy to game the stats by hiring a few botnet zombies to pump queries with names you'd like to reserve with spoofed source addresses.
> 
> The same would no doubt hold for whatever other criteria were chosen.

We don't need to be so fatalist. In fact, given that we are talking about a resource where some of the values are worth more than others, we should be much more diligent. There is no reason for us to allow "we starting finding requests for these unassigned TLDs" as a reason to allocate TLDs.

For the name ".lan", we can see that it has been used for quite over a decade to have a specific network purpose. We don't have to measure this at the roots: we can see it in examples of documentation for how to (mis-) configure your corporate LAN. That is a good enough reason to reserve it. The three that are in draft-chapin-additional-reserved-tlds-02 (.home, .corp, .mail) have the same property. Adding in ".lan" might help some small part of the (non-)Internet not have problems in the future; allowing Lantam Airlines or the Lansing Airport to have it will possibly cause some damage when it is allocated.

> IMO the draft is a reasonable attempt at harm reduction. For some definition of harm. It seems ICANN's policy-making fora want the IETF to produce a list of "dangerous" TLD strings (on technical grounds) so that they can point at some RFC and say everything else can be classed as "safe to delegate". Which is at best a very misguided approach IMO.

And, fortunately, that's not what this draft says. Why impute that?

> That ship has already sailed so the WG just has to make the best job it can of the cards it has been dealt. If anyone here has better ideas on how to do that, please speak up.

Done so. Let's not be careless.

> I think it would be prudent to assume any new TLD strings (if there ever are any after the current round has been processed) are harmful unless the applicant can prove otherwise to a reasonable standard. But nobody's ever going to accept that.

A rule that cannot be tested is not "prudent". Common, yes, but not prudent.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email