Re: [DNSOP] draft-schanzen-gns and namespace mechanisms
Brian Dickson <brian.peter.dickson@gmail.com> Fri, 19 August 2022 14:46 UTC
To: "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eZpobFQPr1CqFPOElrpBzwAk_is>

One tidbit that might have been overlooked is that draft-schanzen-gns (and the various documents it references, including stuff in GitHub) has a technical problem.

The TL;DR is that nsswitch (and similar systems) depend on individual resolution mechanisms (whatever those may be) returning NXDOMAIN (or the equivalent) in order to fall through to the next mechanism. GNS as currently specified will NEVER return NXDOMAIN. The draft says so (about never returning NXDOMAIN) and explains why. The why doesn't matter, the what matters.

What this means is, if nsswitch.conf has a line that looks like:

    hosts: gns dns files

then the lookups will NEVER fall through to DNS or /etc/hosts.

Changing the order around to put "gns" at the end of the list will work, but would result in DNS queries for GNS names always being done.

This appears to not do what the draft says it wants to do (i.e. allowing users to have both GNS and DNS names in use, including allowing GNS to be preferred if a name collision occurs).

Here's the longer version:

If GNS never returns NXDOMAIN, then the only way GNS can interoperate with the name resolution selectors such as nsswitch.conf is to use a namespace identifier of some kind, and return NXDOMAIN for any names that are not actual GNS names. (The identifier could be anything -- a suffix, a prefix, a single character, etc.)

This would allow GNS to be a first-class member of the available resolution mechanisms, rather than being forced to always be the last mechanism in a list.

Using some (any) mechanism that allows GNS names to be identifiable in such a way as to either allow GNS to internally distinguish GNS from DNS (and return NXDOMAIN for DNS names if the query sent to GNS is a DNS name), or for GNS to handle both GNS and DNS names on a similar basis (do a GNS resolve on GNS names, or do a DNS resolve on DNS names and return the result from the DNS call).

Having DNS vs GNS ordering handled by the OS-specific mechanism (such as nsswitch.conf) might be better for Linux/Unix systems (and servers and desktops generally), while mobile OS set-ups might use their own mechanisms.

The GNS specification might also want to change its design so that applications make those decisions on resolution directly, and call whichever mechanism is appropriate, i.e. call either GNS or DNS for resolution on the basis of the presence/absence of the GNS identifier.

Additionally, the applications (e.g. web browsers) might handle the input/UI parts to default to either DNS or GNS, and "hide" the GNS identifier (similar to how the "www" prefix and "https:" service identifier are "hidden", but available for modification by users in the browser bar), allowing advanced users to do "the other thing", as appropriate, or whatever the GNS folks think makes sense.

E.g. in the browser UI for the URI, what might appear to the user as "foo.bar" might in fact be "https://www.foo.bar" (current DNS-as-default browser), or could alternatively be "https://www.foo.bar.gns.alt" (modified GNS-as-default browser). A user entering "foo.bar" would have that transformation applied by default, but also be editable if the user desires.

Brian

P.S. To be clear, this is an observation on a deficiency, and suggested possible fix, but it is not specifically advocating for the correction to be done.
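
Added example (not part of Brian Dickson's message, and not code from glibc or GNUnet): a simplified model of the nsswitch-style fall-through the message describes, run with GNS first, GNS last, and GNS first with a namespace identifier. The status names, sample records and addresses are constructed, the ".gns.alt" suffix is taken from the message's browser example, and treating every status other than NOTFOUND as the end of the chain is an assumption of the model.

```python
from enum import Enum

class Status(Enum):
    SUCCESS = "success"
    NOTFOUND = "notfound"      # NXDOMAIN or equivalent: try the next mechanism
    UNRESOLVED = "unresolved"  # no definitive negative answer: the chain stops

# Constructed sample data; ".gns.alt" comes from the message's browser example.
GNS_SUFFIX = ".gns.alt"
GNS_NAMES = {"foo.bar.gns.alt": "192.0.2.10"}
DNS_NAMES = {"example.org": "198.51.100.7"}
HOSTS_FILE = {"localhost": "127.0.0.1"}

def table_backend(table):
    """Backend that answers from a table and reports NOTFOUND otherwise."""
    def lookup(name):
        if name in table:
            return Status.SUCCESS, table[name]
        return Status.NOTFOUND, None
    return lookup

def gns_never_notfound(name):
    """GNS as the message describes it: a miss is never reported as NOTFOUND."""
    if name in GNS_NAMES:
        return Status.SUCCESS, GNS_NAMES[name]
    return Status.UNRESOLVED, None

def gns_with_identifier(name):
    """Suggested fix: names without the GNS identifier get NOTFOUND at once."""
    if not name.endswith(GNS_SUFFIX):
        return Status.NOTFOUND, None
    return gns_never_notfound(name)

def resolve(hosts_line, gns_backend, name):
    """Walk a 'hosts:' order; return (status, address, mechanisms asked)."""
    backends = {"gns": gns_backend, "dns": table_backend(DNS_NAMES),
                "files": table_backend(HOSTS_FILE)}
    asked = []
    for mech in hosts_line.split():
        asked.append(mech)
        status, addr = backends[mech](name)
        if status is not Status.NOTFOUND:   # only NOTFOUND falls through
            return status, addr, asked
    return Status.NOTFOUND, None, asked

if __name__ == "__main__":
    for order, gns in (("gns dns files", gns_never_notfound),
                       ("dns files gns", gns_never_notfound),
                       ("gns dns files", gns_with_identifier)):
        for name in ("example.org", "foo.bar.gns.alt"):
            print(order, gns.__name__, name, resolve(order, gns, name))
```

The third element of each result lists the mechanisms that saw the query, which shows both the blocked fall-through with "gns" first and the DNS query for a GNS name with "gns" last.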