Re: [DNSOP] Interim DNSOP WG meeting on Special Use Names: some reading material

Ted Lemon <Ted.Lemon@nominum.com> Thu, 14 May 2015 15:52 UTC

To: David Conrad <drc@virtualized.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/yap5SkvQyWQCOjPWtVz_kMqujXs>
Cc: dnsop WG <dnsop@ietf.org>, Ted Lemon <Ted.Lemon@nominum.com>

> On May 14, 2015, at 11:21 AM, David Conrad <drc@virtualized.org> wrote:
> 
> However, as I said, how it is labeled is somewhat irrelevant. What matters to me is figuring out the objective criteria by which we can determine whether and/or how a particular label is being used so much that its delegation in the DNS would damage the Internet's security/stability. So far, all the criteria I've seen to date boil down to Justice Stewart's "I know it when I see it", which makes me uncomfortable.

I think the idea that there could be any such criterion is aptly refuted by the existence of an adjudication process in ICANN, as well as the difficulty ICANN has had in actually selling TLDs. Despite our wishes to the contrary, processes of this sort are not like protocols, and typically can't run themselves. That is why the human element is so heavily relied on. IETF process in particular absolutely cannot work without this human element, which is baked in and referred to as "rough consensus."

>> But in the case of .onion, .corp and .home, we _do_ have such a reason.
> 
> Great!  What is that reason so it can be encoded into an RFC, can be measured, and there can be an objective evaluation as to whether a prospective name can be placed into the Special Use Names registry?

The technical argument is different in each case. In the case of .onion, I refer you to the Tor documentation as well as the two drafts that are being discussed. In the case of .corp and .home, the organizations that started using these names had reasons for using them. If these reasons were documented in drafts and presented to the working group, I would expect the working group to consider them, and either reach consensus to publish, or not. I would expect that consensus to be arrived at on the technical merits of the proposal, not on the basis of various participants' various opinions about fairness or amount of traffic at the root. Until that happens, the IETF's position on both .corp and .home is nonexistent, and they should not be put in the Special Use Names registry.

Irrespective of the technical merits of .corp and .home, of course, the DNSOP working group might well publish a document talking about the operational implications of .corp and .home with respect to the root, but I personally see very little value in doing so, since the leaks of these names are likely coming from devices operated by people who would never read such a document.