Re: [DNSOP] Fwd: New Version Notification for draft-adpkja-dnsop-special-names-problem-00.txt

Warren Kumari <warren@kumari.net> Tue, 29 December 2015 16:48 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFB8D1A8890 for <dnsop@ietfa.amsl.com>; Tue, 29 Dec 2015 08:48:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.577
X-Spam-Level: ***
X-Spam-Status: No, score=3.577 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FRT_BELOW2=2.154, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id meMho3U0DlQi for <dnsop@ietfa.amsl.com>; Tue, 29 Dec 2015 08:48:17 -0800 (PST)
Received: from mail-yk0-x22e.google.com (mail-yk0-x22e.google.com [IPv6:2607:f8b0:4002:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9C031A884E for <dnsop@ietf.org>; Tue, 29 Dec 2015 08:48:17 -0800 (PST)
Received: by mail-yk0-x22e.google.com with SMTP id k129so111461496yke.0 for <dnsop@ietf.org>; Tue, 29 Dec 2015 08:48:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=2/gHmNlxdTaegxw+AQSP2Zd0WoNroe4fKtgsrDnz4KA=; b=jHOPZ3l/chy3Wh9xF2kgFTwZeGyS75hONJKWB8iRYzwiRcC2f61xngC2u4JbWCI1ET nU/Sm6R9ojmX3zRko7CH3A4Uy23HWlX0NqsPlgjYK/V5n7SFiicxhIALcKo7fH7k0Ooq d0A9ZBUIRFhopEAPngMRX3NrlPsZuPJKDTesD2bdU/iIFxmP1DHTaeAg6Fj+dO5bGQa3 e/lf9T5g16ONlLMDGrYkLkqDhxuAxUImawO/i7toeGEQlEsEHU6etZYaOW7UTue39TJo 5Vid27gV1ITAzKa3Qz1rh4f//PAiZCm9f3bJT9eU5p31l4MI1oNdAld10MxE7H0DgNoI 95ZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; bh=2/gHmNlxdTaegxw+AQSP2Zd0WoNroe4fKtgsrDnz4KA=; b=DfCRqJNs5tFBLggKYpX0Wb9S6XnhhclcfXlF2ZY/lAWeuTVBq9iFsvJIKwAtd1jkeL Zxg57INW4BMnwmETC6/knYf4vNMtLWdOUI27l5TZyJqcvB6g51hhzEUNjjM1pHp6zs0z hjSoUfBv2t2QHMM7bVHwW0FF4geZzCM/AmGCxmIiz3t+sKoggRyk1vTMmsF3UIs7a16W +Ra6yQYHOdNpLh/UI71Ab6KBKwWdApQzTQnBj/RZdVMZLSnE6JKRfjVDZlkjaFSPPVPC b/6upiVwlRQmhmW2Eb0TXKul7uC//oiCKb1q5yXOmZGIDA5gykWF5UJe5Kdyj4DHlWaR ds7Q==
X-Gm-Message-State: ALoCoQmObT6JRhD9Hz2X8DDN262IUkQ274QHte75gL7hNy7aaOVLKahqEl2CUs33wbrXHgGwriBYdOzG51OyROe+de75OD2sgZ3cWxB9EN92s3ijCJ62DUk=
X-Received: by 10.13.210.67 with SMTP id u64mr26784515ywd.42.1451407696809; Tue, 29 Dec 2015 08:48:16 -0800 (PST)
MIME-Version: 1.0
References: <20151019232608.9713.92337.idtracker@ietfa.amsl.com> <68818B75-F6F6-44A1-BAF5-BB68B7BD86F6@hopcount.ca> <CAHw9_iJ6pJh+5VQSJHvZ+zoCsdeMfgYrDFQOvUiHGN=+4GQvww@mail.gmail.com>
In-Reply-To: <CAHw9_iJ6pJh+5VQSJHvZ+zoCsdeMfgYrDFQOvUiHGN=+4GQvww@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 29 Dec 2015 16:48:06 +0000
Message-ID: <CAHw9_iKRd-cKAf7q+EwS42z1B_1EgPc_ZethKuyKKVi=XrEZsw@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>, dnsop WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary=001a114e7e303182f905280c3085
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/WsCMyYJJ5ZxxUlM_7PeVB4QI2o8>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-adpkja-dnsop-special-names-problem-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2015 16:48:23 -0000

On Fri, Dec 4, 2015 at 6:01 PM Warren Kumari <warren@kumari.net> wrote:

> On Thu, Oct 29, 2015 at 9:27 AM Joe Abley <jabley@hopcount.ca> wrote:
>
>> Hi all,
>>
>> Our esteemed chairs have recently outlined a path forward for addressing
>> the IESG's concerns relating to the implementation of RFC 6761,
>> triggered by the experience of assessing RFC 7686 ('The ".onion"
>> Special-Use Domain Name'). The IESG's concerns are summarised in
>> <http://www.ietf.org/blog/2015/09/onion/>.
>>
>> Paraphrasing Suz and Tim (please correct me if I mis-speak) the approach
>> to be taken in this working group is to try to achieve consensus on a
>> problem statement as a first step, following which we will be in better
>> shape to have focused discussion of potential solutions. A call for
>> volunteers was made to augment an earlier ad-hoc design-team design-team
>> to write up that problem statement, consisting of Alain Durand, Peter
>> Koch and me, and I gather that some eligible thrill-seekers have already
>> put their names forward to join us.
>>
>> A very rough first cut of a problem statement was submitted hurriedly
>> before the 00 cut-off deadline in order to try and move this
>> conversation forward (see below). This text doesn't even represent
>> particularly strong consensus amongst Peter, Alain and me, never mind
>> the yet-to-be-fully-formed design team or the working group as a whole,
>> but it's a starting point. An earlier rendering of the text with
>> different organisation (that was not submitted) can be found at
>> <https://github.com/ableyjoe/draft-adpkja-dnsop-special-names-problem>.
>>
>> I take full, personal responsibility for the gratuitous definition of
>> "aardvark", and the ancient, historical quotes from the namedroppers
>> archive that you'll find in appendix A. You're welcome.
>>
>>
> Thanks again to the design team for writing this....
>
> Before I forget, here are some readability / grammar nits. I have some
> more substantive comments too, but I wanted to send these over before I
> accidentally close that buffer :-)
>

... and some more notes below:

Abstract:
I found this to be really confusing, especially in an abstract:
"This framework has been used to make top-level domain
reservations, that is, particular top-level domains that should not
be used within the DNS to accommodate parallel use of non-DNS name
resolution protocols by end-users and avoid the possibility of
namespace collisions."

How about:
"This framework has been used to reserve top-level domains that should not
be used within the DNS to avoid the possibility of
namespace collisions in parallel use of non-DNS name
resolution protocols"
Still not great, but (IMO) less confusing..

Section 1:
I think it is time to remove the Aardvark.

Section 2:
The below seems to be missing some words, and also seems convoluted.
"In recent years, using the last label of a domain name (aka TLD) as
switch to indicate how to treat name resolution has been experimented
using the framework of [RFC6761]. "

How about:
"In a number of recent cases, the framework in RFC6761 has been used to
allow the last label in a name to act as a switch to indicate the
resolution process (or how to treat name resolution).
Examples of such switches include: .example (don't resolve), .local (use
mDNS), .onion (use tor), any TLD registered in IANA-maintained root-zone
(use DNS)."

"It could indicate to switch to another name space (eg .onion), use a
different protocol (eg tor, or mdns), or indicate to use a local DNS"

s/tor/Tor/g
s/mdns/mDNS/g


4.  Architectural considerations
The first thing to consider in this discussion is that not all names
(or domain names) are par of the Domain Name System
s/par/part/

"If we accept the notion that the most significant label of a domain
name is actually a protocol switch, it implies that we are actually
building a catalog of all top level domains that explain which are
are switches."
I'm not quite sure what this is trying to say, especially the last bit
("that explain which are
are switches."). Perhaps: "we are actually building a catalog of all top
level domains and what resolution protocol each one invokes" ?

"Note that such a catalog does not formally exist today."
Is this actually true? Isn't the IANA Special Use Names Registry ("
http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml"
) *supposed* to be that? I'm not saying that it is actually complete or
accurate, but if I were looking for the "formal" place where this would be
Id probably point there...

5.  Technical considerations
"However, it is not clear what any of those audiences might reasonably
expect as a result of a successful request to add a top-level domain to the
Registry."
Hmmm. I'd thought that a reasonable expectation from many of the audiences
is that the string is reserved and would not be used as a resolution switch
by others. I'm *assuming* that, e.g the Tor folk reasonably expect that
someone applying for the DNS TLD .onion would not be granted it. This seems
to match up with what e.g the CABForum seemed to expect that having it
reserved would accomplish.
Additionally, having a reference in a Registry (e.g an RFC) provides a
place to provide information on how the name should be handled, especially
in the cases where it leaks - for example, the .ALT draft requests that the
string be added to the "Locally Served DNS Zones" ( [RFC6303]) to attempt
to limit the pollution.

Section 6.1.  Non-exhaustive list of external organizational considerations
Missing a period at the end of the last sentence.

Section 6.2.1.  Process
s/DNSop/DNSOP/g


Section 6.2.2.  Technical criteria
"Regardless of the actual name being proposed as protocol switch, it
is also not clear what technical criteria should the evaluation body
use to examine the merit of an application for such a reserved name/
protocol switch.  For example, is large scale prior deployment an
acceptable criteria?"
I believe that a major issue (apart from the obvious '"define "large"') is
that this encourages people to simply squat on a string and use it until
they reach some threshold. Part of the justification for .ALT was that it
provided a sandbox for people to build a community and test their name
resolution system, without squatting. Once they reach some threshold, then
(perhaps) they could demonstrate large scale deployment.  I understand that
this document isn't (necessarily) advocating for "large scale prior
deployment"  as a criteria, but I think that it should at least mention
that this criteria would encourage squatting.


6.2.3.  Name evaluation
"When processing gTLD applications, ICANN has a process to review
those to check if the proposed names are potentially offensive to
certain communities, have political ramifications, etc.. It is worth
asking if the IETF should have a similar process in place to evaluate
specific proposed reserved names, and, if so, how such process would
be implemented, and how appeals should be handled?"
The ICANN process is huge and hulking, and has many moving parts. There is
also much politics and subtleties. This is not always clear to people who
are not involved in it, and so the readers of this document may
underestimate the (monetary + time + political + ickiness) cost in the IETF
spinning up a parallel process. There is also the root problem of what
happens if ICANN approves .foo as a (DNS) TLD at the same time that the
IETF approves .foo as a protocol switch. Or, ICANN turns down .narnia on
geographic (political) grounds and then Eustace Scrubb comes to the IETF to
get it approved as a protocol switch. Or if ICANN determines "damn" to be
offensive, what this means for the IETF evaluating it.
I understand that the document is not (necessarily) advocating for the IETF
setting up a parallel system, but it is (IMO) worth discussing that there
exists the (strong) possibility of collisions between the two policy
processes -- this is kinda at the root of the entire issue.

W



>
> ================
> Abstract
>
> ......
>
> [RFC6761] introduced a framework by which, under certain
> circumstances, a particular domain name could be acknowledged as
> being special.  This framework has been used to make top-level domain
> reservations, that is, particular top-level domains that should not
> [O] reservations, that is, particular
> [P] reservations; that is, particular
> [R] grammar
> ...
> be used within the DNS to accommodate parallel use of non-DNS name
> resolution protocols by end-users and avoid the possibility of
> namespace collisions.
> ....
> 1.  Terminology
>
> Clear and unambiguous use of terminology is important for the clear
> formulation of any problem statement.  The DNS protocol suffers from
> imprecise and overloaded terminology (e.g. see
> [I-D.ietf-dnsop-dns-terminology]) without confusing matters further
> with terms and concepts from other naming systems that are similar,
> but different.
>
> [o] The DNS protocol suffers from
> imprecise and overloaded terminology (e.g. see
> [I-D.ietf-dnsop-dns-terminology]) without confusing matters further
> with terms and concepts from other naming systems that are similar,
> but different.
> [P] The DNS protocol suffers from imprecise and overloaded terminology
> (e.g. see
> [I-D.ietf-dnsop-dns-terminology]). The use of terms and concepts from
> other naming systems that are similar (but different) simply confuses
> matters further.
> [R] readability -- I *think* this is what was meant?
> In the interests of clarity, the following terms used in this
> document are to be interpreted as follows:
>
> .....
> 4.  Architectural considerations
>
> The first thing to consider in this discussion is that not all names
> (or domain names) are par of the Domain Name System.  See [ID-lewis-
> [O] are par of the
> [P] are part of the
> [R] typo
>
> domain-names] for an in-depth discussion on this topic.
> ....
>
>
> LOCAL is used by the Multicast DNS protocol specified in [RFC6762]
> which is similar in some respects to the DNS, but which uses
> different well-known port number and is limited to a particular
> [O] different well-known port number
> [P] a different well-known port number
> [R] grammar
>
> multicast scope;
> ....
>
> It should also be noted that there are other choice than using the
> [O] there are other choice
> [P] there are other choices
> [R] grammar
>
> most significant label for a protocol switch.  In particular, a
> proposal to move those protocol switches under a specific top level
> domain has been discussed (.ALT).  If that architecture choice is
> made, some of the questions listed in the sections bellow would
> [O] bellow
> [P] below
> [R] spelling
>
> become moot.
>
> 5.  Technical considerations
> .....
> Such documents might well be opaque to many
> readers ([RFC6762] is a seventy-page protocol specification, for
> example, which is arguably not the most expressive way to set
> [O] expressive
> [P] effective
> [R] optional; might be a better word choice?
> expectations of non-technical end-users).
>
>
> At the time of writing, the DNSOP working group charter does not
> clearly indicate that DNSOP is the proper venue for the evaluation to
> be carried out, although it also says that matters regarding the
> namespace are on topic.  Also, as pointed out in section 3.2), we are
> [O])
> [P]
> [R] no matching open parenthesis
>
>
> 6.2.2.  Technical criteria
>
> Regardless of the actual name being proposed as protocol switch, it
> is also not clear what technical criteria should the evaluation body
> use to examine the merit of an application for such a reserved name/
> [O] what technical criteria should the evaluation body
> use
> [P] what technical criteria the evaluation body should use
> [R] readability
>
> ===========
>
>
>
>> I will unfortunately not be in Yokohama next week, but I would encourage
>> anybody interested in the general problem space to discuss it on this
>> list. I think it's reasonable to consider the current and future design
>> team victims to be a secretariat for this discussion, and the content of
>> any consensus on this needs to come from an open and transparent
>> discussion here, in the working group.
>>
>>
>> Joe
>>
>> Forwarded message:
>>
>> > From: internet-drafts@ietf.org
>> > To: Joe Abley <jabley@dyn.com>om>, Peter Koch <pk@denic.de>de>, Peter Koch
>> > <pk@DENIC.DE>DE>, Alain Durand <alain.durand@icann.org>
>> > Subject: New Version Notification for
>> > draft-adpkja-dnsop-special-names-problem-00.txt
>> > Date: Mon, 19 Oct 2015 16:26:08 -0700
>> >
>> >
>> > A new version of I-D, draft-adpkja-dnsop-special-names-problem-00.txt
>> > has been successfully submitted by Alain Durand and posted to the
>> > IETF repository.
>> >
>> > Name:         draft-adpkja-dnsop-special-names-problem
>> > Revision:     00
>> > Title:                Problem Statement for the Reservation of
>> Top-Level Domains in
>> > the Special-Use Domain Names Registry
>> > Document date:        2015-10-19
>> > Group:                Individual Submission
>> > Pages:                12
>> > URL:
>> >
>> https://www.ietf.org/internet-drafts/draft-adpkja-dnsop-special-names-problem-00.txt
>> > Status:
>> >
>> https://datatracker.ietf.org/doc/draft-adpkja-dnsop-special-names-problem/
>> > Htmlized:
>> > https://tools.ietf.org/html/draft-adpkja-dnsop-special-names-problem-00
>> >
>> >
>> > Abstract:
>> > The dominant protocol for name resolution on the Internet is the
>> > Domain Name System (DNS).  However, other protocols exist that are
>> > fundamentally different from the DNS, but which have syntactically-
>> > similar namespaces.
>> >
>> > When an end-user triggers resolution of a name on a system which
>> > supports multiple, different protocols for name resolution, it is
>> > desirable that the protocol to be used is unambiguous, and that
>> > requests intended for one protocol are not inadvertently addressed
>> > using another.
>> >
>> > [RFC6761] introduced a framework by which, under certain
>> > circumstances, a particular domain name could be acknowledged as
>> > being special.  This framework has been used to make top-level domain
>> > reservations, that is, particular top-level domains that should not
>> > be used within the DNS to accommodate parallel use of non-DNS name
>> > resolution protocols by end-users and avoid the possibility of
>> > namespace collisions.
>> >
>> > Various challenges have become apparent with this application of the
>> > guidance provided in [RFC6761].  This document aims to document those
>> > challenges in the form of a problem statement, to facilitate further
>> > discussion of potential solutions.
>> >
>> >
>> >
>> >
>> > Please note that it may take a couple of minutes from the time of
>> > submission
>> > until the htmlized version and diff are available at tools.ietf.org.
>> >
>> > The IETF Secretariat
>> >
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>