Re: [DNSOP] Fwd: New Version Notification for draft-sahib-domain-verification-techniques-02.txt

Brian Dickson <brian.peter.dickson@gmail.com> Sat, 26 June 2021 02:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wuunMqdHpc4CnvwiVPrDqH0_erM>

On Tue, Jun 15, 2021 at 12:03 PM Paul Wouters <paul@nohats.ca> wrote:

> On Tue, 15 Jun 2021, Shumon Huque wrote:
>
> > On Tue, Jun 15, 2021 at 12:46 PM Tim Wicinski <tjw.ietf@gmail.com> wrote:
> >
> >             Yes, Stephane, we were envisioning recommending an underscore label. Of course, that leads to how to avoid collisions in that
> >             space, and whether we need to establish a registry of application service names.
> >
> >
> > You mean, a different registry than this one
> >
> > https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#underscored-globally-scoped-dns-node-names
> >
> > tim
> >
> >
> > Tim - yes, I think this would be a bit different. The above is for IETF defined protocols. This one (if we think it's a good idea) would have to encompass
> > arbitrary Internet application services, many that could be proprietary services of companies.
>
> <hat> I am one of the underscored-globally-scoped-dns-node-names Experts
>
> The _underscore registry is "Expert Review" only, meaning it is not only
> used for IETF defined protocols. Its only goal is to be a place where
> people can register a unique name to avoid name collision between
> different protocols/applications using it.
>
> As such, it would be fine for this draft to commend registration there.
> It could also start its own _underscore registry.
>
> </hat>
>
> Of course, if people ensure the names they use are somehow linked to
> their product of business name, it becomes fairly unique to begin
> with, and a registry might not be needed. Like people shouldn't be
> using _registration or _website_auth or something generic like that.
> My personal preference would be to focus stronger on generating proper
> names (and embedded expire / recurring check within the name) that
> would ensure no central registry of any kind would be needed.
>

The only real issue I see is managing the underscore namespace as a flat
namespace.
Given that DNS itself was engineered in part to be hierarchical as a
solution to the scaling problems of hosts.txt,
maybe using an underscore scheme that is hierarchical would solve some/many
of these problems?
(Perhaps carved out with its own underscore suffix.)

The analogy that comes to mind is the MIB tree, with the public branch
(.1.3.6.1.2.1) and the enterprise (.1.3.6.1.4.1).
The enterprise portion of the tree has a very large number of nodes.
Using numeric values rather than names avoids name collisions.

These are just suggestions though.

 YMMV.
Brian
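
Added example, not part of the original message or of the draft: a sketch contrasting a flat underscore label with a hierarchical, numerically scoped one in the spirit of the enterprise-OID analogy above. The `_ent` suffix label, the function names and the numeric IDs are hypothetical and constructed for illustration.

```python
MAX_LABEL = 63   # octets per DNS label (RFC 1035)
MAX_NAME = 253   # octets in a presentation-format name, no trailing dot
SUFFIX = "_ent"  # hypothetical carve-out label, not a registered name


def _check(name: str) -> str:
    """Enforce DNS length limits and normalise case."""
    name = name.rstrip(".")
    if len(name) > MAX_NAME:
        raise ValueError(f"name too long: {name!r}")
    if any(not lab or len(lab) > MAX_LABEL for lab in name.split(".")):
        raise ValueError(f"bad label length in {name!r}")
    return name.lower()


def flat_owner(app_label: str, domain: str) -> str:
    """Flat scheme: one underscore label directly under the domain."""
    if not app_label.startswith("_"):
        raise ValueError("application label must start with '_'")
    return _check(f"{app_label}.{domain}")


def hierarchical_owner(app_label: str, enterprise_id: int, domain: str) -> str:
    """Hierarchical scheme: _app._<numeric id>._ent.<domain>."""
    if not app_label.startswith("_"):
        raise ValueError("application label must start with '_'")
    if enterprise_id < 0:
        raise ValueError("enterprise id must be non-negative")
    return _check(f"{app_label}._{enterprise_id}.{SUFFIX}.{domain}")


def parse_hierarchical(owner: str, domain: str):
    """Return (app_label, enterprise_id), or None if not in the scheme."""
    owner = owner.rstrip(".").lower()
    tail = f".{SUFFIX}.{domain}".lower()
    if not owner.endswith(tail):
        return None
    head = owner[: -len(tail)].split(".")
    if len(head) != 2 or not head[1].startswith("_"):
        return None
    digits = head[1][1:]
    if not (digits.isascii() and digits.isdigit()):
        return None
    return head[0], int(digits)
```

Two services that both pick a generic label such as `_verify` produce the same owner name in the flat scheme, while the numeric scope keeps them apart without either side having to coordinate on the label text.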