Re: [DNSOP] Call for Adoption: draft-arends-private-use-tld

Tony Finch <dot@dotat.at> Mon, 15 June 2020 23:59 UTC

Date: Tue, 16 Jun 2020 00:59:02 +0100
From: Tony Finch <dot@dotat.at>
To: Paul Vixie <paul@redbarn.org>
cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>, John Levine <johnl@taugh.com>, Brian Dickson <brian.peter.dickson@gmail.com>
In-Reply-To: <1841095.5rLNbfcsjP@linux-9daj>
Message-ID: <alpine.DEB.2.20.2006160026430.28941@grey.csi.cam.ac.uk>
References: <CAH1iCiouFfMRYoREwhhTbQfnNserw3RVUPs8Pzc8CvNEhysYCw@mail.gmail.com> <1654175.cGJSrOA2b8@linux-9daj> <alpine.DEB.2.20.2006152320360.28941@grey.csi.cam.ac.uk> <1841095.5rLNbfcsjP@linux-9daj>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/b_pzKckSZ-ERh9X81EXTP-DdbsQ>
Subject: Re: [DNSOP] Call for Adoption: draft-arends-private-use-tld

Paul Vixie <paul@redbarn.org> wrote:
>
> > I.e. the proposed use case is already widely deployed and known to be a
> > bad idea.
>
> known by whom, and how? (got URL?)

Gosh well I thought this was widely agreed folklore / common sense since
the 1990s and I'm not in the habit of collecting links to essays on "why X
is a bad idea" when it seems from my perspective that approximately nobody
writes essays like that because X is obviously a bad idea... :-)

But, we know that overlapping name spaces and address spaces are a
nightmare for mergers and acquisitions.

It's incompatible with private interconnects, such as organizations
collaborating without merging, or home-to-home VPNs.

We know that non-unique namespaces are incompatible with the web security
model.

We know that it's incompatible with PKIX. (You can do private x.509 but
not public.)

We know it's incompatible with DNSSEC. (You can set up a private root, but
then we're back to splendid isolation and arcane technical expertise.)

Overall it scuppers many of the protocols that support end-to-end
connectivity and security.

And the breakage is unnecessary because we know there are straightforward
alternatives that avoid the problems.

[ I am maybe exaggerating a bit about the 1990s, because back then, when
Microsoft Small Business Server was encouraging everyone and their dog to
squat on .local, domain names were 10x more expensive than now and 100x
more difficult to obtain, so they had a reasonable excuse, but it was
still terrible. ]

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Channel Islands: South to southeast 2 to 4, becoming variable 1 to 3 by early
afternoon, then northwest 1 to 3 by midnight. Smooth or slight. Scattered
thundery showers, mainly near French coasts, risk of mist or fog patches,
mainly in the north of the area. Moderate or good, occasionally poor, perhaps
locally very poor.