Re: [DNSOP] *.DNS metaTLD [ref: additional special names]

Stephane Bortzmeyer <> Sun, 02 March 2014 23:03 UTC

Date: Sun, 2 Mar 2014 23:02:43 +0000
From: Stephane Bortzmeyer <>
To: Joe Abley <>
Cc:, okTurtles <>
List-Id: IETF DNSOP WG mailing list <>

On Sat, Mar 01, 2014 at 10:13:23PM -0500,
 Joe Abley <> wrote 
 a message of 93 lines which said:

> It's hard to see a better option today than anchoring your new
> namespace to a domain that you register and pay for in the DNS. Your
> options in that regard include TLDs if your namespace is
> sufficiently sensitive to label length that you're prepared to pay
> the $500k+ for the process to register it; to my mind, your local
> TLD registrar can probably give you a better deal.

Bad idea. In most (all?) TLDs, you do not have sufficient security (I
don't mean technical security, I mean security against seizure or
things like that) so you risk losing your domain. And you have to
abide by the rules of a given TLD (not to mention you depend on yet
another actor, the registrar).

Of course, during the normal course of operations, it does not matter
since the normal requests are handled by another protocol, not the
DNS. But it has an importance when it comes to leaks (requests that
accidentally go to the DNS).