Re: [DNSOP] ALT-TLD and (insecure) delgations.

Andrew Sullivan <> Sun, 05 February 2017 16:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 94769129441 for <>; Sun, 5 Feb 2017 08:32:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key) header.b=nV4TGuwF; dkim=pass (1024-bit key) header.b=NFRGxO3+
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dYh8dQUnZGDx for <>; Sun, 5 Feb 2017 08:32:07 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3E6AF129418 for <>; Sun, 5 Feb 2017 08:32:07 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id A3495BD554 for <>; Sun, 5 Feb 2017 16:31:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1486312296; bh=9n+iQjuq1iTLR9qBoLN2kK2neFh03VVkdqnW6xla67M=; h=Date:From:To:Subject:References:In-Reply-To:From; b=nV4TGuwFhhg7RubjuUqsv/pkntagDr3EcmMpCTSWD6hregduWt1ZKKJfDyYwfciRL /yJNdpdxpTrYoYxP7tSq9WW7X6aimPSSAroUbPofAwxflUoZA8qZyWm2FfxNhJD3Ng Z4vANkZTUHoKdvRTpVxCCV823ALN+LE23HrKpzkg=
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6xIhryMY5S9W for <>; Sun, 5 Feb 2017 16:31:35 +0000 (UTC)
Date: Sun, 05 Feb 2017 11:31:33 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1486312295; bh=9n+iQjuq1iTLR9qBoLN2kK2neFh03VVkdqnW6xla67M=; h=Date:From:To:Subject:References:In-Reply-To:From; b=NFRGxO3+VQ8M6I7vVVkAqH9yAmYhg2cMm5quOEyoyDOxwucpN1vbP/9UDLbwrafhg kEkIQbOP+vXVy9WHOpKinEP+agOuXyF7Qvi/FWflF2LLf/280rGvAt3eHtIegbxEWZ buQxjnnaHVUPXhdP3as0m1SbpQOsAp22GgZKzLc8=
From: Andrew Sullivan <>
Message-ID: <>
References: <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
Archived-At: <>
Subject: Re: [DNSOP] ALT-TLD and (insecure) delgations.
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 05 Feb 2017 16:32:08 -0000

On Sun, Feb 05, 2017 at 12:26:08AM +1100, Mark Andrews wrote:
> Given there are no rules for this type of namespace

Which "type of namespace" do you mean?

I think there are three possible namespaces you're talking about:

    1.  Domain names.  There are rules for these, though they're
    possibly underspecified.  The IETF now has change control over the
    namespace definition documents (though the creation of said
    namespace predates the IETF).  For this reason, the IETF was in a
    position to create the 6761 registry and thereby establish that
    there are some domain names that are treated specially.

    2.  Domain names that are candidates for some DNS
    zone.  There is a policy authority for these, and it's the
    operator of the zone in question.  Its rules for that zone apply.
    In the case of the DNS root zone, the policy authority for that
    zone is the names community as expressed through ICANN.
    (Similarly, I am the policy authority for the
    zone, and if you want a delegation in there you can talk to me.)

    3.  Domain names that are _not_ for use in the DNS.  This is one
    of the purposes of 6761, though perhaps not the only one.  So far,
    the rules for these have been mostly underspecified, though I
    think 6761 gives pretty compelling reasons why it's a good idea at
    least to register the use there.

The trouble we seem to be having is that we want something that is in
(2) but with no single policy authority for the zone.  It is not clear
that we have a way to do that if we start from the root.  We _might_
have a way to do it if we start from arpa, since the IAB is in charge
of arpa and doesn't have the policy problems that ICANN does.

The alt draft that Warren and I worked on was really intended to carve
out a place for (3).

> respect the reasons for the other rules which I did but you choose
> to completely cut out of the reply.

I cut them out because I don't believe the IETF is the unambiguous
source of those reasons.

Best regards,


Andrew Sullivan