Re: [DNSOP] moving forward on special use names

avri doria <avri@acm.org> Sun, 18 September 2016 20:21 UTC

References: <D60BBDEF-3C13-44CB-A0D9-DEA98F5297F5@gmail.com>
To: dnsop@ietf.org
From: avri doria <avri@acm.org>
Message-ID: <8f5eb481-c8e9-cdbe-a9d1-3390053c5c13@acm.org>
Date: Sun, 18 Sep 2016 16:21:50 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/WLyegfg6NPOxmehg9FRiSClSbXg>
Subject: Re: [DNSOP] moving forward on special use names


On 12-Sep-16 16:19, Suzanne Woolf wrote:
> It seems unlikely that they can be combined, so we simply have to ask
> the WG to choose.

I do not understand this point.  Having now read both IDs, I see
relevant points for the ongoing discussion in both of them.   I see them
as complementary where both contribute to defining the problem in a
comprehensive way.

I think it would make sense to ask the authors to combine their efforts,
that being a first step in finding consensus on how to proceed -
otherwise the back and forth continues once a winner is picked.  Perhaps
enlist the help of one of the neutral knowledgeable people in the group
to bring the two groups of authors together in a base draft that
discusses the issues in language both groups can live with, with a strict
focus on problems and their explanation.  I may be misreading the 2 IDs,
but I do not think there should be that many sticking points once there
is a decision to work it out.

I think trying to pick a winner from these two documents, both useful
expositions of the issues, is not the best way to produce a problem
statement.


Some individual comments on the drafts.

---

Some specific comments on TLDR Special-Use Names Problem

> Although IETF and ICANN nominally have authority over this
> namespace, neither organization can enforce that authority over
> any third party who wants to just start using a subset of the
> namespace. Reasons for doing this may include:

I would recommend also including something like "ignorance of there
being procedures, or lack of knowledge that the IETF & ICANN have
processes" as one of the bullets.

> this process is
> likely to be slow and difficult, with an uncertain outcome.
>
I am not sure how this differentiates from other IETF processes.  They
all take longer than one would expect and always have an uncertain
outcome.   This makes it seem like this problem is somehow special in
that respect.

> There is demand for more than one name resolution protocol for
> Internet Names, but Internet Names contain no metadata to indicate
> which protocol to use to resolve them.

Probably worth indicating that one DNS mechanism that exists is broken
and that others are offering non-standard methods of adding metadata or
treating existing data as metadata.

> More than one name resolution protocol is bad, in the sense
> that a single protocol is less complicated to implement and
> deploy.

This would seem contingent on there being no way to differentiate
applicability.


> However, the MoU specifically exempts domain names
> assigned for technical use, and uses the example of ’IN-ADDR.ARPA’
> and ’IP6.ARPA’ to illustrate.

I think the issue here is the breadth of the definition for 'technical
use'. Most any names issue can be defined in such a way so as to have a
technical use. 

> 4.2.1. Multicast DNS

This section seems to be arguing a case as much as explaining an issue.

> 4.2.2. The .onion Special-Use TLD

Need to also look at the precedent this has set and whether the IETF
wishes to reinforce this as a precedent.

> 4.2.4. Name Collision in the DNS
> Name Collision in the DNS [SDO-ICANN-COLL] is a study commissioned by
> ICANN that attempts to characterize the potential risk to the
> Internet of adding global DNS delegations for names that were not
> previously delegated in the DNS, not reserved under any RFC, but also
> known to be (.local) or surmised to be (.corp) in significant use for
> special-use-type reasons (local scope DNS, or other resolution
> protocols altogether).

This study is from before the new gTLD program.  The assumptions in the
report need to be tested against what actually happened in the round of
new gTLDs before it can be included as part of the fact basis for this
work.  We also need information on the degree of success that the
various mitigation strategies had in overcoming possible problems to
have a full picture of the problem as it has been shown in practice.

----

re Problem Statement for the Reservation of Special-Use Domain Names
using RFC6761

> The applicants for [RFC6761] status cannot be guaranteed that
> leakage will not occur and will need to take this into account
> in their protocol design.

This seems an example of a statement that includes both a problem and a
possible solution.

Additionally I think that putting the names pictures in the broader
context is important, even though dnsop WG will be restricted to
solutions based on DNS. Seems important to understand the larger system
DNS is part of these days and moving into the future.

avri

