Re: [DNSOP] draft-lewis-domain-names-00.txt

Alec Muffett <alecm@fb.com> Fri, 18 September 2015 13:55 UTC

From: Alec Muffett <alecm@fb.com>
To: George Michaelson <ggm@algebras.org>
Date: Fri, 18 Sep 2015 13:54:34 +0000
Message-ID: <14957733-EB45-45ED-9B5C-55B0943CDACD@fb.com>
References: <D2209363.F235%edward.lewis@icann.org> <CAKr6gn1aM0=Mi3343aaXKc=WtqGnJqoQm64+r4LDKzT0MyAF7A@mail.gmail.com>
In-Reply-To: <CAKr6gn1aM0=Mi3343aaXKc=WtqGnJqoQm64+r4LDKzT0MyAF7A@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/ypi5pfX7ykyc2rlgSzq3inL16R0>
Cc: Edward Lewis <edward.lewis@icann.org>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] draft-lewis-domain-names-00.txt

> On Sep 18, 2015, at 14:16, George Michaelson <ggm@algebras.org> wrote:
> 
> My private comment bears repeating in public.
> 
> DOMAIN names is about the property of domains. Domains are encompassing, set-theory/venn-diagram style. A domain and a prefix are analogous concepts. One is expressed syntactically somehow, the other is a mathematical property of bounding in a number field but they have the same basic behaviour.
> 
> The UK domain order in coloured book mails obeyed this property: it just used reverse semantics to the ARPA model.
> 
> XXXXXXXX.onion is *not* a domain name inside the .onion part: as I understand it, the value is a hash, or other function which has no nesting properties expressed syntactically.

Hi, my name's Alec, I work for Facebook and lead the engineering team for Facebook over Tor.

You are certainly correct that the label immediately left of ".onion" is a hash, and functions not unlike a layer-3 address; however, there may be other labels leftwards of the hash, under (to some extent) other administrative control.

The canonical example of this would be: www.facebookcorewwwi.onion versus m.facebookcorewwwi.onion versus… well, anything.you.like.sixteencharshash.onion.

With onion addressing it's all a matter of whether the layer 7 protocol honours the symbolic name that it has been given (eg: www.facebookcorewwwi.onion) and passes it to the server via metadata (eg: HTTP "Host:" header) rather than a delegated and differentiated address lookup.

I feel this may need clarification in your section on Tor addressing.  Perhaps it's not **really** domain-naming, but it **looks** much more like it.

Also, there is some information which requires correction:

According to an email message, ".onion" names may (in the future)
exceed the length limits of a label imposed on DNS domain names,
reaching 64, 80, or more bytes. [DNSOP1]

Per this e-mail:

https://www.ietf.org/mail-archive/web/ietf/current/msg94362.html <https://www.ietf.org/mail-archive/web/ietf/current/msg94362.html>

...from Nick Mathewson at Tor, who says:

    So it's IMO fine to say ".onion addresses are case-insensitive and
    will comply with existing DNS limitations for label lengths (63) and
    maximum fqdn lengths (253ish)".

...which contradicts draft-lewis-domain-names-00.

Also, my name's not "Alex" :-)

    - alec
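An added illustration of the two points made in the message above (it is not code from Alec's mail, Facebook, or the Tor project): a small parser that treats the label immediately left of ".onion" as the service address, treats any labels further left as a layer-7 prefix that only reaches the service through the HTTP "Host:" header, and enforces the DNS limits Nick Mathewson's mail says .onion names will respect (63-byte labels, roughly 253-byte names, case-insensitive). It assumes the 16-character base32 address format that was current in 2015; the sample hostnames and the raw HTTP request are constructed for the example.

```python
import re

# Limits quoted in the message: DNS label length 63, FQDN length "253ish".
ONION_SUFFIX = "onion"
MAX_LABEL_LEN = 63
MAX_FQDN_LEN = 253

# Assumption for this example: the 2015-era onion address is 16 base32
# characters (a-z, 2-7) and is compared case-insensitively.
ONION_HASH_RE = re.compile(r"^[a-z2-7]{16}$")


def parse_onion_name(host):
    """Split a hostname into (prefix_labels, onion_hash) if it is an .onion name.

    Returns None when the name is not under .onion, the address label is
    malformed, or a DNS length limit is exceeded. The labels left of the
    hash (e.g. "www" or "m") are not part of the rendezvous address; they
    are returned separately because the service only ever sees them via
    layer-7 metadata such as the HTTP Host header.
    """
    name = host.rstrip(".").lower()          # trailing dot and case are irrelevant
    if not name or len(name) > MAX_FQDN_LEN:
        return None
    labels = name.split(".")
    if len(labels) < 2 or labels[-1] != ONION_SUFFIX:
        return None
    if any(not lab or len(lab) > MAX_LABEL_LEN for lab in labels):
        return None                          # empty label or label too long
    onion_hash = labels[-2]
    if not ONION_HASH_RE.match(onion_hash):
        return None
    return (labels[:-2], onion_hash)


def same_onion_service(host_a, host_b):
    """True when two names carry the same address label, whatever prefix they use."""
    a = parse_onion_name(host_a)
    b = parse_onion_name(host_b)
    return a is not None and b is not None and a[1] == b[1]


def onion_hash_from_request(raw_request):
    """Return the onion address named by the Host header of a raw HTTP/1.1 request.

    This is the "symbolic name passed via metadata" case from the message:
    the only thing distinguishing www.<hash>.onion from m.<hash>.onion at
    the server is this header, so a server should validate it rather than
    trust it blindly.
    """
    for line in raw_request.split("\r\n")[1:]:   # skip the request line
        if not line:                             # blank line ends the headers
            break
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "host":
            hostname = value.strip().split(":")[0]   # drop an optional :port
            parsed = parse_onion_name(hostname)
            return parsed[1] if parsed else None
    return None


if __name__ == "__main__":
    # Constructed inputs: the names from the message plus a few invalid ones.
    for h in ("www.facebookcorewwwi.onion", "m.facebookcorewwwi.onion",
              "anything.you.like.sixteencharshash.onion", "FACEBOOKCOREWWWI.ONION.",
              "example.com", "www.tooshort.onion"):
        print(h, "->", parse_onion_name(h))
    request = "GET / HTTP/1.1\r\nHost: m.facebookcorewwwi.onion\r\nUser-Agent: x\r\n\r\n"
    print("Host header names:", onion_hash_from_request(request))
```

Because every label left of the hash reaches the service through the Host header alone, a service operator who wants www.<hash>.onion and m.<hash>.onion to behave differently has to enforce that split at layer 7; nothing in the rendezvous layer does it for them.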