Re: [DNSOP] Public Suffix List

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 10 June 2008 08:01 UTC


On Mon, Jun 09, 2008 at 04:53:01PM -0500,
 Ted Lemon <Ted.Lemon@nominum.com> wrote 
 a message of 16 lines which said:

> Why not just set up a list of TLDs in a mozilla.org subdomain, sign
> the subdomain with DNSSEC, put the DNSSEC public key into firefox,
> and have firefox consult the TLD list in the DNS, verified with
> DNSSEC, whenever information is needed?

Your proposal solves *one* problem (the one well explained by Andrew
Sullivan), the difficulty of having an up-to-date list in the
installed browsers.
 
It leaves open the other problems:

* Difficulty of managing this list (and even worse if every browser
  vendor asks the TLD managers for slightly different info)
* Administrative boundaries at lower levels (if we delegate under
  ".fr", it says nothing about x.example.fr and y.example.fr: are they
  in the same administrative domain?)
* Mozilla's methods of arm-twisting 
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop