Re: [DNSOP] moving forward on special use names
George Michaelson <ggm@algebras.org> Mon, 19 September 2016 02:05 UTC
Return-Path: <ggm@algebras.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4085F12B0B5 for <dnsop@ietfa.amsl.com>; Sun, 18 Sep 2016 19:05:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=algebras-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 33CxmJP4W4hX for <dnsop@ietfa.amsl.com>; Sun, 18 Sep 2016 19:05:25 -0700 (PDT)
Received: from mail-yw0-x229.google.com (mail-yw0-x229.google.com [IPv6:2607:f8b0:4002:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6BB912B0AE for <dnsop@ietf.org>; Sun, 18 Sep 2016 19:05:24 -0700 (PDT)
Received: by mail-yw0-x229.google.com with SMTP id t67so124613180ywg.3 for <dnsop@ietf.org>; Sun, 18 Sep 2016 19:05:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=algebras-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=xgfQQ/91bmwd/qDbMqt2QneJGuY80lxPCI/98iBjnuY=; b=OU/aIO+ZYzFsww68vyY3sorA9Xwd/jScXKWd6xX1San5XZFnBDnP5Umw/Y4GtfGByj lkWXa3fHLz+tmoNLRV3lDqSZOGCOT+niSFXF3vEeH9fXrK3xp11cWhzKd1vv2wfPptTq Xs4Drtyr2hf+/d9rVxNYBQmHoL0oyIkmrCHfh5ZRiivasmV/8TV+lumNldOxzMSX5G9D uInm4j7MU7CvmStcz27EIX7rHFfpUtLpgnggwCx59lLlU1je7fgfrxamLxjb0/Xx9rAy H0YOCKw8UmiL+qq8r+3GAtHS6bW/oB2NQ3bD3ePSE7KsG4z+UKJlKJcpUfMqqMpc8Act Rc3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=xgfQQ/91bmwd/qDbMqt2QneJGuY80lxPCI/98iBjnuY=; b=eiOw1B6m0PTE7RvS4x0fpyDLWlDSFP/R/n7+ltzROIb9QkCVF8DWhSORg/WSlIS9no bGqm7ADp1DaTlhbaWCZfvi9CnNq3fZttVNN4KTJMIE3IufA7uuKamJxLOaPajZWUMOyI 2wNI5SkgeXOKxmlpNmi2oaSEioFkMo8tlvEqHENiP1y6iguViawmwdccwZYrtMuYgylq uYJr2Velxhy0t8G7wzqXskDZeiJYfWda5nddBpSyayGe3R91j2X5JRWjlQ0wUfAtS9yf JYYGBol6hrQBEdX1ourmOW6XdyG9qUrft4HWMJH3JSlf7O9iVggGhSlwDRPXRe+q1T8Z qIcw==
X-Gm-Message-State: AE9vXwMMX9McxKesIc3L/VfOJWt53aR152nYWNZc/nTOQYXigzNzjSNPJ632xlY++7FrRba2sxizUgr/TT4pgw==
X-Received: by 10.129.109.6 with SMTP id i6mr7588740ywc.291.1474250723932; Sun, 18 Sep 2016 19:05:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.50.73 with HTTP; Sun, 18 Sep 2016 19:05:23 -0700 (PDT)
X-Originating-IP: [2001:dc0:a000:4:5c6e:73d2:2e4e:7066]
In-Reply-To: <CAPt1N1=pVw+o2fsftqJw72CZxAA1a2+-hhCT0xz1MmPkYNMd9g@mail.gmail.com>
References: <20160916181356.70566.qmail@ary.lan> <D2C5DF2A-9A4A-4E72-92BE-BD8808578BCD@gmail.com> <CAPt1N1=pVw+o2fsftqJw72CZxAA1a2+-hhCT0xz1MmPkYNMd9g@mail.gmail.com>
From: George Michaelson <ggm@algebras.org>
Date: Mon, 19 Sep 2016 12:05:23 +1000
Message-ID: <CAKr6gn1+pHYWL_h-5ZP=eCNUFsoJRd3WKU8rqYh9Z-yzJE5TZg@mail.gmail.com>
To: dnsop WG <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mvwKApIr30RB24KsMs6amDc6CKk>
Subject: Re: [DNSOP] moving forward on special use names
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Sep 2016 02:05:27 -0000
This is an instance of embedding. {thing@example.com}.{non-DNS-part} is not subject to special delegation rules in some sense, because the test of {non-DNS-part} requires no DNS action. If its synonymous with _special_label_.{non-DNS-part}.{example.com} then its about a conversation with upper systems to perform the transformation. If {non-DNS-part} doesn't obey domain rules, and is not deterministically structured, it can be {non-DNS-part}.some.sub.dom.ain eg .ALT and work fine. It doesn't have to be a terminal on the RHS. For .onion we were told this was non-negotiably not available. So now we have the generic problem: upper name handling systems 'above' the DNS don't want to be required to do work, to mangle apparent-names, purported-named (whatever they are) according to any proscriptive ruleset, to determine what to do: They want the DNS to do the work, that drives them into a state to handle the exceptions. Thats where my primary complaint in shut-it-down came in: This is an unreasonable burden on the hierarchy of domain-names, as a thing in itself. "we" can't have it both ways. We can't have clean domain-name models and coerce the domain-name model to cope with non-domain-name concepts. And "we" can't keep it simple up in applications/URI space, if we have to do special-case handling up there. Shame we did think 6761 fixed this: it doesn't. On Mon, Sep 19, 2016 at 11:57 AM, Ted Lemon <mellon@fugue.com> wrote: > Okay, this is an interesting application that would certainly require some > sort of 6761-style action. Do you believe that it is not covered by the > current problem statement? > > On Sun, Sep 18, 2016 at 9:00 PM, Phill <hallam@gmail.com> wrote: >> >> There is actually a fifth type of name, escaped names. Right now, the only >> names we have of this type are SRV protocol tags, (_http._tcp.example.com) >> and internationalized names (xn—wev.com) >> >> I want to add a third set of escaped names, one that has similar >> functionality to .onion but does not leak as much information. >> >> example.com.m >> f-- >> b2gk >> 6 >> - >> duf5 >> y >> - >> gyyl >> - >> jn5e >> d >> >> >> This is a strong domain name and to interpret it we require a policy that >> is validated under the UDF fingerprint b2gk >> 6 >> - >> duf5 >> y >> - >> gyyl >> - >> jn5e >> d. This in turn is a base 32 encoding of 92 bits of digest value plus an 8 >> bit version string. The fingerprint is over a content type identifier plus >> some content as specified here. >> >> https://tools.ietf.org/html/draft-hallambaker-udf-03 >> >> The content is typically going to be some sort of cryptographic key (PGP, >> PKIX, SSH, JOSE, whatever) that signs some sort of assertion that states how >> the address ‘example.com’ is to be interpreted. >> >> The trick here is that we can now bind security policy direct to any DNS >> name without having to muck about with DNSSEC, or for that matter any other >> PKI standard other than the particular standard we want. >> >> >> Lets say that Alice is using OpenPGP and her OpenPGPv5 key is >> mw83i-32ri4-83klq-3odp3. We can form an address from that: >> >> alice@example.com.mf--mw83i-32ri4-83klq-3odp3 >> >> Now that isn’t an address that we can interpret without access to Alice’s >> public key. Which is actually what I kinda want because I am fed up of spam. >> The fact that I give you my address does not mean I want just anyone being >> able to use it. >> >> In the ordinary course of business, my ‘strong name aware’ mailer knows >> that it has to resolve mf--mw83i-32ri4-83klq-3odp3 somehow before it can use >> that email address. If I just type it into Outlook, the client will happily >> pass it on to my mail server and then it will get ‘stuck’ unless the mail >> system can figure out how to use that address. Which is exactly what you >> would want to happen with confidential mail. >> >> If the address can be resolved, the result is normally going to be a >> policy that says what protocols the address can be used with and how. >> >> Now, naturally, a split horizon DNS would be one natural place to provide >> access to a resolution service, but it need not be the only one. >> >> >> The use of strong DNS names represents a major step forward in achieving a >> genuinely decentralized Web. Instead of there being an institution at the >> trust apex of the Internet, there is a digest function and a PKI scheme. >> >> >> On Sep 16, 2016, at 2:13 PM, John Levine <johnl@taugh.com> wrote: >> >> The drafts are: >> https://datatracker.ietf.org/doc/draft-tldr-sutld-ps/ >> https://datatracker.ietf.org/doc/draft-adpkja-dnsop-special-names-problem/ >> >> >> Having read them both, neither one thrills me but I'd give the nod to >> adpkja. The "Internet Names" in tldr seems to me a bad idea, since >> there are a lot of other names on the Internet such as URIs and handle >> system names, and this is about domain names. >> >> It seems to me there are four kinds of names we have to worry about, and >> neither draft calls them all out clearly: >> >> * Names resolved globally with the DNS protocol, i.e. >> ordinary DNS names >> >> * Names resolved globally with an agreed non-DNS protocol, e.g. >> .onion via ToR >> >> * Names resolved locally with an agreed non-DNS protocol, e.g, >> .local via mDNS >> >> * Names resolved locally with unknown protocols, e.g. .corp and >> .home, the toxic waste names >> >> R's, >> John >> >> >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- [DNSOP] moving forward on special use names Suzanne Woolf
- Re: [DNSOP] moving forward on special use names Warren Kumari
- Re: [DNSOP] moving forward on special use names Alain Durand
- Re: [DNSOP] moving forward on special use names John Levine
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names John Levine
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names John R Levine
- Re: [DNSOP] moving forward on special use names Warren Kumari
- Re: [DNSOP] moving forward on special use names Warren Kumari
- Re: [DNSOP] moving forward on special use names John R Levine
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names John R Levine
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names John R Levine
- Re: [DNSOP] moving forward on special use names Warren Kumari
- Re: [DNSOP] moving forward on special use names John Levine
- Re: [DNSOP] moving forward on special use names Alain Durand
- Re: [DNSOP] moving forward on toxic and/or specia… John R Levine
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names John R Levine
- Re: [DNSOP] moving forward on special use names Alain Durand
- Re: [DNSOP] moving forward on special use names Ralph Droms
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names Alain Durand
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names avri doria
- Re: [DNSOP] moving forward on special use names John Levine
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names John Levine
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names John R Levine
- Re: [DNSOP] moving forward on special use names Phill
- Re: [DNSOP] moving forward on special use names Phillip Hallam-Baker
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names George Michaelson
- Re: [DNSOP] moving forward on special use names Edward Lewis
- [DNSOP] Fwd: moving forward on special use names william manning
- Re: [DNSOP] moving forward on special use names Suzanne Woolf
- Re: [DNSOP] moving forward on special use names David Cake
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names Suzanne Woolf
- Re: [DNSOP] moving forward on special use names Alain Durand
- Re: [DNSOP] moving forward on special use names Ted Lemon
- Re: [DNSOP] moving forward on special use names hellekin