IETF Logo Mail Archive

Re: [DNSOP] Some distinctions and a request - Have some class?

Andrew Sullivan <ajs@anvilwalrusden.com> Mon, 06 July 2015 12:31 UTC

Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30D701ACEA4 for <dnsop@ietfa.amsl.com>; Mon, 6 Jul 2015 05:31:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67fORas2dCk2 for <dnsop@ietfa.amsl.com>; Mon, 6 Jul 2015 05:31:27 -0700 (PDT)
Received: from mx2.yitter.info (mx2.yitter.info [IPv6:2600:3c03::f03c:91ff:fedf:cfab]) by ietfa.amsl.com (Postfix) with ESMTP id 7849A1A1A92 for <dnsop@ietf.org>; Mon, 6 Jul 2015 05:31:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mx2.yitter.info (Postfix) with ESMTP id A2E8910370 for <dnsop@ietf.org>; Mon, 6 Jul 2015 12:31:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx2.yitter.info ([127.0.0.1]) by localhost (mx2.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5TFCZ0zwe9Gz for <dnsop@ietf.org>; Mon, 6 Jul 2015 12:31:25 +0000 (UTC)
Received: from mx2.yitter.info (c-50-169-68-91.hsd1.nh.comcast.net [50.169.68.91]) by mx2.yitter.info (Postfix) with ESMTPSA id 9095210012 for <dnsop@ietf.org>; Mon, 6 Jul 2015 12:31:25 +0000 (UTC)
Date: Mon, 06 Jul 2015 08:31:24 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20150706123124.GF51577@mx2.yitter.info>
References: <5599A3CA.4060602@bellis.me.uk> <20150705171605.GA85633@isc.org> <20150706020154.GF49926@mx2.yitter.info> <20150706064818.GB6350@isc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20150706064818.GB6350@isc.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/vGXvWmi67H8Uba0f480G7iSQRs8>
Subject: Re: [DNSOP] Some distinctions and a request - Have some class?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2015 12:31:29 -0000

On Mon, Jul 06, 2015 at 06:48:18AM +0000, Evan Hunt wrote:
> 
> The remark prefaced with "by convention" doesn't strike me as particularly
> definitive.

I suppose I'd feel better about that if LDH weren't enshrined at least
in operational policies all over the Internet.  But I suppose you're
right: we could issue a document formally deprecating the convention
and then explicitly noting that since aliases are defined in terms of
zones, therefore alias processing is not permitted to cross class
boundaries and can result in non-parallel name spaces.  In principle
classes would be useful again (though you're still right to note that
the code is almost completely unexercised.  I have been led to believe
that Jefsey Morfin and his friends intend to run/are running an
experiment using classes, so perhaps we're in for some excitement).

> Point taken, but the problem we're facing is magic special-purpose labels
> potentially being repurposed in the global DNS and thus becoming ambiguous.
> Allocating class ONION, class MDNS, etc, for things like this may actually
> turn out to be less trouble in the long run than ensuring that ICANN never
> sells anybody a TLD called .onion.

ICANN does have a policy that entries in 6761 are automatically out of
bounds, and I can't imagine the parallel universe where they decided
that was a bad rule.  So I'm not super worried about a collision.

You have an interesting point anyway, however, which is I guess what
Bill was saying in the first place.  If an application actually wanted
to protect itself from DNS processing the answer would not be to use a
magic string (which could well leak to the IN-class DNS) but instead
to call for resolution using a different class.  I wonder how many
libraries allow you to specify this.  I observe that at least the
getdns API has it available.  Maybe it really is time for another class.

I seem to recall that John Klensin suggested a separate class to
handle IDNs many years ago.  I'll see whether I can find any of the
relevant discussion as to why that road was not followed.

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

v2.23.0 | Report a Bug | By Email