Re: [DNSOP] WG review of draft-ietf-homenet-dot-03

Mark Andrews <marka@isc.org> Tue, 21 March 2017 05:53 UTC

To: Russ Housley <housley@vigilsec.com>
Cc: Terry Manderson <terry.manderson@icann.org>, dnsop <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <1E14B142-680B-4E30-809B-68E03EB6E326@gmail.com> <61FD3EE3-3043-4AB1-9823-6A9D61B1438C@vigilsec.com>
In-reply-to: Your message of "Mon, 20 Mar 2017 11:43:52 -0400." <61FD3EE3-3043-4AB1-9823-6A9D61B1438C@vigilsec.com>
Date: Tue, 21 Mar 2017 16:52:55 +1100
Message-Id: <20170321055255.15C0E671BB5D@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eobtIOvxBTDMI_neYZThVds3Qtk>
Subject: Re: [DNSOP] WG review of draft-ietf-homenet-dot-03

In message <61FD3EE3-3043-4AB1-9823-6A9D61B1438C@vigilsec.com>, Russ Housley writes:

> I have a big problem with Section 6 of draft-ietf-homenet-dot-03.  If the
> domain name is to be published in the root zone, then I do not think that
> the special-use TLD registration is appropriate.  That said, if the
> requirement for publication in the root zone is removed, I do not have a
> problem with proceeding with a special-use TLD registration.
>
> Russ

Russ,
       what is different between the special use domain name
10.in-addr.arpa name being published in the in-arpa.arpa zone and
the special use domain name (to be) homenet being published in the
root zone?

* They are BOTH published/expected to be published in the parent zone.
* They BOTH do not expect lookups except of DS records at that name.
* Both want to break chain of trust from the root zone at the name.

From an operational point of view there is zero difference, yet you
say one should be published and one shouldn't.

What is your technical reasoning behind this?

Nowhere does making a name special use preclude publishing it.

There are other special use names that really should also be in the
registry because they are baked into software.

in-addr.arpa is special use because that is the name we use to
construct IPv4 address to name lookups.

ip6.arpa is special use because that is the name we use to construct
IPv6 address to name lookups.

Both of these should be in the special use domain registry.

Mark

> > On Mar 19, 2017, at 9:44 PM, Suzanne Woolf <suzworldwide@gmail.com> wrote:
> >
> > Hi,
> >
> > The INT Area Director who oversees the homenet WG, Terry Manderson, has
> > asked DNSOP participants to review
> > https://www.ietf.org/id/draft-ietf-homenet-dot-03.txt, "Special Use Top
> > Level Domain '.homenet'", with the following aspects in mind:
> >
> > 1) in terms of RFC6761
> >
> > 2) in terms of the _operational_ position of an unsigned entry in the
> > root zone as requested in this document, to break the chain of trust for
> > local DNS resolution of .homenet names.
> >
> > This document is the product of the homenet WG, which has asked the
> > IESG to approve it for publication, so our comments are strictly advisory
> > to the IESG. There was some discussion of the draft on this list shortly
> > after it appeared, in November 2016, but it’s always the AD’s prerogative
> > to ask for additional review.
> >
> > thanks,
> > Suzanne & Tim

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
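
A simplified model of the operational point made in this message, added here as an example and not taken from the thread or the draft: a validating resolver walks down from the signed root, and a delegation that the parent proves has no DS record is where the chain of trust ends, so locally served answers below it are accepted as insecure instead of failing validation. The zone contents, the function name `classify` and the status labels are constructed for illustration.

```python
# Simplified model of how a validating resolver classifies a name while
# walking signed parent zones (after RFC 4035). Constructed sample data.
SECURE, INSECURE, NXDOMAIN = "secure", "insecure", "secure-nxdomain"

# parent zone -> {child label: True if the parent holds a DS RRset for it,
#                 False if the delegation exists and the parent proves no DS}
# Assumption: a label missing from a listed zone does not exist there, and
# the signed parent proves that non-existence.
SAMPLE_ZONES = {
    ".": {"arpa": True, "org": True, "homenet": False},
    "arpa.": {"in-addr": True},
    "in-addr.arpa.": {"10": False},
}


def classify(qname, zones=SAMPLE_ZONES):
    """Return (status, zone): validation status and where the walk stopped."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    zone = "."
    for label in reversed(labels):
        delegations = zones.get(zone)
        if delegations is None:
            # Zone not modelled any deeper; the chain is intact down to here.
            return SECURE, zone
        if label not in delegations:
            # Signed denial from the parent: a local answer for this name
            # would contradict it and fail validation.
            return NXDOMAIN, zone
        child = label + "." + ("" if zone == "." else zone)
        if not delegations[label]:
            # Delegation present, DS provably absent: chain of trust ends.
            return INSECURE, child
        zone = child
    return SECURE, zone


if __name__ == "__main__":
    root_without_homenet = {".": {"arpa": True, "org": True}}
    for name, zones in [
        ("printer.homenet", SAMPLE_ZONES),
        ("1.0.0.10.in-addr.arpa", SAMPLE_ZONES),
        ("printer.homenet", root_without_homenet),
    ]:
        print(name, classify(name, zones))
```
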