IETF Logo Mail Archive

Re: [DNSOP] on private use TLDS

Doug Barton <dougb@dougbarton.us> Thu, 28 November 2019 04:39 UTC

Return-Path: <dougb@dougbarton.us>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19CEC12010D for <dnsop@ietfa.amsl.com>; Wed, 27 Nov 2019 20:39:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dougbarton.us
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wOkPNubYuX80 for <dnsop@ietfa.amsl.com>; Wed, 27 Nov 2019 20:39:39 -0800 (PST)
Received: from dougbarton.us (dougbarton.us [IPv6:2607:f2f8:ab14::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C84F120013 for <dnsop@ietf.org>; Wed, 27 Nov 2019 20:39:39 -0800 (PST)
Received: from [IPv6:2600:6c50:17f:7759:b4bf:bc0a:78c5:1a15] (unknown [IPv6:2600:6c50:17f:7759:b4bf:bc0a:78c5:1a15]) by dougbarton.us (Postfix) with ESMTPSA id 924571F39 for <dnsop@ietf.org>; Wed, 27 Nov 2019 20:39:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dougbarton.us; s=dkim; t=1574915978; bh=bG5BrYeTeVPAFCPms4OJXppN2tq10ihs3zJrPlMpbLs=; h=Subject:To:References:From:Date:In-Reply-To:From; b=rpGCGYGq7IGwQbnMAaAOL3/hVaS3Xaf1EY2OodU8RCMh1dxn0GCgK6vyY2x84GULm nBVuawotKQkl7RXv5pKU2hHEv32x1g20NPgDp3ti9buaBj1C+jRKBBGxiGmvgaeVMU 4OMzyhC8Xc/Zp7NEidJfQhOjdm/toCvq90kc6od4=
To: dnsop@ietf.org
References: <B679F326-54A0-4010-BD41-F2F317417169@dnss.ec> <CAAiTEH8U=N_wkgGitxZWySBJT2TWnWHdeqA4hUs0YFgDZHv8Tw@mail.gmail.com>
From: Doug Barton <dougb@dougbarton.us>
Message-ID: <71ad677a-8c88-8916-fe02-7d0d8ae930b9@dougbarton.us>
Date: Wed, 27 Nov 2019 20:39:38 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <CAAiTEH8U=N_wkgGitxZWySBJT2TWnWHdeqA4hUs0YFgDZHv8Tw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jIxuZwZa8iyKYgqvkDI9F2eVvoI>
Subject: Re: [DNSOP] on private use TLDS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2019 04:39:41 -0000

On 11/26/19 9:16 AM, Matthew Pounsett wrote:
> 
> 
> On Tue, 26 Nov 2019 at 05:19, Roy Arends <roy@dnss.ec 
> <mailto:roy@dnss.ec>> wrote:
> 
>     “ZZ” was used in my presentation as an example. Since this
>     bikeshedding is siphoning attention from the important part of the
>     discussion, I’ll try to re-focus on the question here:
> 
>     "Is it safe to use ISO3166-1 Alpha-2 code elements from the User
>     Assigned range as top level domains for my own private use?"
> 
> 
> Thanks for the context, Roy.  Speaking as someone who was not at the 
> IETF meeting this week, I found the earlier thread confusing.  But, it 
> looks like the assumed context of bringing up "what can we use this for" 
> as "can we assign this string in an RFC?" was correct.
> 
> It seems like reassignment of anything in the User Assigned range is 
> unlikely, however that is the purview of the iSO 3166 maintenance 
> agency, and not the IETF.  However unlikely it is, we cannot be 
> absolutely certain they will never reassign those, and so we should not 
> include them in any standard (note the lower-case) published by the 
> IETF.  Even if the IETF is just cut & pasting their current advice, I 
> think it's unwise.
> 
> I'm also persuaded by Bill's argument that the IETF has already stated 
> that ISO 3166 has control over that bit of the namespace, and trying to 
> take back part of it is confusing, bad form, and risky.
> 
> Even though they're not specifically proposed, only mentioned in 
> passing, I'd also like to point out that the referenced potential uses 
> of things like XH instead of home.arpa. is even more risky, because that 
> fixes that string for a specific use, even if it's private.  Using XH as 
> an example, if that had been chosen it would run the risk of colliding 
> with some legitimate use of XH already being used by a User... if that 
> user then also needed to interoperate with Homenet technologies they'd 
> be hosed.
> 
> I think, instead of an RFC, what you really want is a Best Current 
> Practices document, outside of the IETF, that is simply a redirect to 
> the current ISO 3166 document.  Instead of DNSOP, I'd suggest you have a 
> chat with one or more  of the BCOP efforts at the NOGs.

I agree with Matt, Bill Woodcock, Steve Crocker, and others that have 
expressed that we should stay out of ISO's sandbox. Whatever the rules 
are today, they can change, and poaching their stuff for our purposes is 
bad form (and yes, I feel that poaching is what is being proposed, in 
spite of the arguments to the contrary).

ICANN has already said that it's not going to ever delegate CORP, HOME, 
or MAIL. 
(https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf 
Section 3.2) IMO it would be useful for the IETF, with ICANN's 
cooperation, to codify that (if it hasn't been done already). I also 
think INTERNAL as a private-use TLD is a good idea, and should be 
included in the same doc. It's also useful to mention the distinction 
between using something temporarily for testing, and building 
infrastructure around it. If someone wants to put together a document 
like that I would be happy to offer support, review, and/or 
contributions if so desired.

So what's the harm? Aside from the PR issues related to poaching ISO 
3166 stuff, I have personally been involved a few times in unwinding the 
giant mess created when clients decided that they were going to use a 
string as an internal TLD, and then subsequently it got delegated 
publicly. This creates serious problems, is difficult to debug, and 
expensive to fix. The advice we've given folks for decades is, "Don't 
take it upon yourself to grab something that doesn't belong to you and 
build your network on it." In my view, that's what is being recommended 
here; and having seen the damage it causes first hand, I cannot support 
the proposal.

Doug

-- 
Since I haven't been involved in the group for a while here is a 
mini-resume for those that don't know me, offered with no small amount 
of embarrassment:
DNS and domain name work for 25 years, 20+ of doing it for a living
Formerly a regular IETF participant
Former GM of the IANA
Former consultant in the DNS/DHCP/IPAM and domain name spaces
Currently managing the domain name portfolio for a Fortune 100 corporation

That said, all views are my own, and are worth exactly what you paid for 
them.  :)

v2.23.0 | Report a Bug | By Email