Re: [DNSOP] Some thoughts on special-use names, from an application standpoint

Jacob Appelbaum <jacob@appelbaum.net> Sun, 29 November 2015 12:38 UTC

In-Reply-To: <m1a30za-0000IuC@stereo.hq.phicoh.net>
References: <80FD8D43-1552-4E10-97CD-9781FED204F2@mnot.net> <m1a30za-0000IuC@stereo.hq.phicoh.net>
Date: Sun, 29 Nov 2015 12:38:18 +0000
Message-ID: <CAFggDF1rPK63L8ua9crBB1nvnQ67JOYCQNHekzeO=jBXeDMK5Q@mail.gmail.com>
From: Jacob Appelbaum <jacob@appelbaum.net>
To: Philip Homburg <pch-dnsop@u-1.phicoh.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/zn-qhvpMdxdrkhW6VmLbBPGuo7o>
Cc: dnsop@ietf.org, Mark Nottingham <mnot@mnot.net>, George Michaelson <ggm@algebras.org>
Subject: Re: [DNSOP] Some thoughts on special-use names, from an application standpoint
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>

On 11/29/15, Philip Homburg <pch-dnsop@u-1.phicoh.com> wrote:
>> .onion was the chosen approach precisely because nothing else but lookup
>> and subsequent routing has to change; there are no other application-level
>> decisions about .onion, and that's a feature. HTTP still works, TLS still
>> works (once you can get a cert), links still work, HTML still works.
>> Same-origin policy still works.
>
> Call me old-fashioned, but I think this is silly.
>
> The purpose of the domain name system is to name things. We have IP
> addresses and we want to refer to them using names. We do the same thing
> with mail domains, etc.

That is not the sole purpose - we use DNS for keys, for time stamps,
for data of all kinds.

>
> In goes a name, out comes some lower level entity.
>
> In this context an onion address should have been an 'IN ONION', i.e.,
> www.example.com might have an 'IN ONION' address for use with Tor.
>

And that would also require special handling...

> Now instead, .onion doesn't map to anything. In goes an onion address (and
> not a name), out comes nothing. All .onion does is signal a particular
> transport protocol.
>

The above is pretty much entirely false. It does map to things. It
does also do more than signal a transport protocol. It is also a
secure self authenticating name. The name is itself meaningful in a
global context.

> So it is a clear abuse of the domain name system. It might be that it is
> the best option. But my guess is that it was just the easiest hack to get
> it working.

I'd hardly call all of this work easy but I hear your point.

All the best,
Jacob
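The two claims argued over above, that a .onion name is "self authenticating" and that only lookup and routing need to change, can be made concrete with a small worked example. The code below is added here and is not from the thread, from Tor, or from any IETF document; it assumes the v3 onion address format (base32 of PUBKEY || CHECKSUM || VERSION with a SHA3-256 checksum, as specified by the Tor project after this 2015 discussion, so it post-dates the thread) and the RFC 7686 rule that applications and stub resolvers must not send .onion names to the DNS. The sample key and addresses are constructed for illustration.

```python
import base64
import hashlib
from typing import Optional

# v3 onion layout (Tor rend-spec-v3, an assumption relative to this 2015 thread):
#   onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
#   CHECKSUM      = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
#   VERSION       = 0x03, PUBKEY = 32-byte Ed25519 public key
ONION_VERSION = b"\x03"
ONION_CHECKSUM_PREFIX = b".onion checksum"
BASE32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def onion_v3_address(pubkey: bytes) -> str:
    """Derive the .onion name from a 32-byte public key.

    The name is a function of the key alone: whoever can prove possession
    of the matching private key has proven ownership of the name, with no
    third party (registry, CA, DNS) involved. That is what makes the name
    self-authenticating.
    """
    if len(pubkey) != 32:
        raise ValueError("expected a 32-byte Ed25519 public key")
    checksum = hashlib.sha3_256(ONION_CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]
    raw = pubkey + checksum + ONION_VERSION          # 35 bytes -> exactly 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def _onion_label(name: str) -> Optional[str]:
    """Return the label immediately left of '.onion' (lowercased), or None."""
    host = name.lower().rstrip(".")
    if not host.endswith(".onion"):
        return None
    labels = host[: -len(".onion")].split(".")
    return labels[-1] or None


def verify_onion_v3(name: str) -> Optional[bytes]:
    """Return the embedded public key if `name` carries a well-formed v3
    onion address whose version and checksum check out, otherwise None.
    Sub-labels such as www.<address>.onion are accepted."""
    label = _onion_label(name)
    if label is None or len(label) != 56:
        return None
    try:
        raw = base64.b32decode(label.upper())
    except Exception:                                 # binascii.Error on bad alphabet
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        return None
    expected = hashlib.sha3_256(ONION_CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    if expected != checksum:
        return None
    return pubkey


def resolution_plan(host: str) -> str:
    """Decide how an application should resolve a hostname.

    This is the "only lookup and routing change" point from the thread:
    names under .onion are never handed to the DNS (RFC 7686); they are
    either routed to the Tor SOCKS proxy or rejected. A leaked .onion
    query to a recursive resolver is the failure mode this guards against.
    Returns one of "dns", "tor-socks", "reject".
    """
    h = host.lower().rstrip(".")
    if h == "onion" or h.endswith(".onion"):
        if verify_onion_v3(h) is not None:
            return "tor-socks"
        label = _onion_label(h)
        # Legacy v2 shape (16 base32 chars of a truncated RSA key hash): it
        # cannot be checked without the key, so only the shape is validated.
        if label is not None and len(label) == 16 and all(c in BASE32_ALPHABET for c in label):
            return "tor-socks"
        return "reject"                               # fail closed, no DNS query
    return "dns"


if __name__ == "__main__":
    # Constructed sample key; a real deployment uses a generated Ed25519 key.
    sample_pubkey = bytes(range(32))
    addr = onion_v3_address(sample_pubkey)
    print(addr, resolution_plan(addr))
    print("www.example.com", resolution_plan("www.example.com"))
    print("example.onion", resolution_plan("example.onion"))
```

The decision function is intentionally placed at the point where a client would otherwise call `getaddrinfo()`; that single branch is the whole of what an application has to change, which is the property the quoted message calls a feature. The checksum and version check also show why Jacob's "secure self authenticating name" holds for v3: a name that does not verify against its own embedded key is rejected before any network activity.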