Re: [DNSOP] Creating a registry for reserved labels.

Warren Kumari <warren@kumari.net> Fri, 28 September 2018 18:28 UTC

From: Warren Kumari <warren@kumari.net>
Date: Fri, 28 Sep 2018 11:27:26 -0700
Message-ID: <CAHw9_iJARsLKydiUb71+m3oF40k8eDji7dq2-TPvgcmbuuwrqA@mail.gmail.com>
To: Geoff Huston <gih@apnic.net>
Cc: Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/g2lCrjvmqBlrsqyNAJypjfdNXQw>

On Fri, Sep 28, 2018 at 11:03 AM Geoff Huston <gih@apnic.net> wrote:

> fwiw I agree with Warren’s proposal and Paul’s observation that such a
> registry is a good idea and it need not reflect only left-most labels.
>
> However, I worry that this approach does not generalise and scale well and
> the registry maintenance guidelines should reflect an appropriately rigorous
> and conservative attitude to further additions.
>
Yup.

We are adding (at the IESG's request) this (thanks to Terry for the text):
------
"The special labels defined here came after extensive IETF evaluation
of alternative patterns and approaches in light of the desired
behaviour (sections 2.1, 2.2) within the resolver and the applied
testing methodology (section 4.3).  As one example, underscore
prefixed names were rejected because a number of browsers / operating
systems would not fetch them, as they were not viewed as valid
"hostnames". Attention was paid to the consideration of local
collisions and the reservation of Left Hand Side (LHS) labels of a
domain name, and the impact upon zone operators who might desire to
use a similarly constructed hostname for a purpose other than as
documented here.  Therefore, it is important to note that the
reservation of the labels in this manner is definitely not considered
"best practice".
-----
to the KSK document. The registry creation document should contain some
language explaining that this sort of thing is a poor design-pattern[0],
and should be avoided unless there is a really good reason.... but, if
people do things like this, having them documented is better than
astonishment.

W
[0]: Worst Current Practice?!



> But it's a useful registry to have in any case imho
>
> Geoff
>
> > On 28 Sep 2018, at 1:42 am, Paul Hoffman <paul.hoffman@icann.org> wrote:
> >
> > On 27 Sep 2018, at 8:13, Warren Kumari wrote:
> >
> >> During the discussions on KSK Sentinel and MTA-STS (
> >> https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/20/) the IESG noted
> >> that we recently have twice "reserved" use of a left hand (non-underscore)
> >> label.
> >>
> >> It is strongly felt that a registry to record names like this would be
> >> useful.
> >>
> >> Some examples of these names include:
> >> root-key-sentinel-not-ta-<number>.
> >> mta-sts.
> >> xn--(anything).
> >
> > xn--(anything) labels can appear anywhere.
> >
> >> Ok, good point.... but, I still think that labels which get special
> >> handling should be recorded *somewhere*, simply to satisfy the principle of
> >> least astonishment...
> >
> > Fully agree. However, the registry should probably be for "special
> > handling", not just for left-most position.
> >>
> >> So, would anyone be willing to volunteer to write a "Special Use
> >> Labels" document (similar to draft-ietf-dnsop-attrleaf) simply creating a
> >> registry for "these left hand labels are special / funny in some way" ?
> >
> > Sure.
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf