IETF Logo Mail Archive

Re: [Rfc6761bis] New Non-WG Mailing List: rfc6761bis

Warren Kumari <warren@kumari.net> Tue, 13 December 2022 17:03 UTC

Return-Path: <warren@kumari.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9199C1522D0 for <ietf@ietfa.amsl.com>; Tue, 13 Dec 2022 09:03:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8BtHSGqQBfFI for <ietf@ietfa.amsl.com>; Tue, 13 Dec 2022 09:03:40 -0800 (PST)
Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7988DC1522C6 for <ietf@ietf.org>; Tue, 13 Dec 2022 09:03:40 -0800 (PST)
Received: by mail-qv1-xf2e.google.com with SMTP id r15so10819483qvm.6 for <ietf@ietf.org>; Tue, 13 Dec 2022 09:03:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dWLN/lmA2Bw/xQVQitSaTJ/AoV1sl9YY8Ex4Yfg9e/0=; b=Sh8VuRf0zcen58lHy6DaSvmBzRgGgxMwPHdEDZuZ0/P1Ff5L3kEc3U+6Z5yzh975WD OxFpnRLEao5mb/FVpc5HxWtDUnbFeUjsThcG67QlXNUqMJX9kYDsWkNmeOGElhmc4ZcJ udmhxpxeBj3JVRmKvBoVudW5Ea7Dxw7/0lMPgoLutTl19gQrxNKtDkBBtmUvoj51Ebtw Q04I3lEz68QPXxojjcOKpAYvzNSTkeUhUF65jcYIdibrFXbztN7L8UhiHyjFh4vrhbja ltGF/lNDIZf+dcw+KYiZuyhRdC09+GiCbnB7V3m94WdzffixAc54FLRbchuFPYnC/2u9 oSOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dWLN/lmA2Bw/xQVQitSaTJ/AoV1sl9YY8Ex4Yfg9e/0=; b=oWVo2snClmAhQhkqfkTl5TmFGk2ADfpjZTV5JnRXSMBVutm+FTZ5p42fgQSXwKV7i3 kTQ1r9d1pma2WZdLVEcemN9R6SRST3EX3RCIxmoDRIcuMcLPojtoifdDHsGQOcQIeYE3 IXYSwfQ2ZrLg7rKLokX08Ucq0uZfvRs6XAQncT/ylh78unbdnLdmGygPS0kD3dic4k57 76Vi0v5jdZIm/nN+H1JhnTtTTaEszcBfyc7NEUwbE2jPUIWo55vhEsNzfoqHkQi3CtqD ZuHCpA76+UY3AnKPViwXmjBvU903epiaBB9SjNhIO++7Wqx0KChdRcDP4RaLDcdiSYks +35Q==
X-Gm-Message-State: ANoB5pkQQNALQYGep5MdFtymKV3064NKb60AuqFweY3XhraoaZqU6SGe PZvO+W3HVUpfwpZZ7G5+LtPQQPBhcMLZIHh5fserCg==
X-Google-Smtp-Source: AA0mqf56M6Bey5g0G2cNsXyv5G+OlZVRHg2hLU1R9Jf6yQJVCym2n2W+h+va7zHkdLrpM3uRhR22vd4ELeU/0PxrBiY=
X-Received: by 2002:a0c:e606:0:b0:4d5:33f4:daa5 with SMTP id z6-20020a0ce606000000b004d533f4daa5mr714307qvm.59.1670951018996; Tue, 13 Dec 2022 09:03:38 -0800 (PST)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Tue, 13 Dec 2022 12:03:38 -0500
Mime-Version: 1.0
X-Superhuman-ID: lbmh2wi6.33bc1a24-0e61-4780-8844-db8af7d04f45
X-Superhuman-Draft-ID: draft00a0a875c2840b18
In-Reply-To: <1ZCcsM481U5jAWWR76ShTniZBa3MYsGI05xpsyddCAXXq-AHEKkKIAoHIzkh2cbp5y98N07Rr54PzK2Bj8TQ6L82HT6-8XNseWN5QqBIo8A=@hopcount.ca>
X-Mailer: Superhuman Desktop (2022-12-12T23:05:54Z)
References: <167043280754.32746.12505647641634366352@ietfa.amsl.com> <26586.1670443013@localhost> <6896EE30-67DE-47FD-826C-52108AA9B1EA@gmail.com> <1ZCcsM481U5jAWWR76ShTniZBa3MYsGI05xpsyddCAXXq-AHEKkKIAoHIzkh2cbp5y98N07Rr54PzK2Bj8TQ6L82HT6-8XNseWN5QqBIo8A=@hopcount.ca>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 13 Dec 2022 12:03:38 -0500
Message-ID: <CAHw9_iKMzWjO+nVYp89aK-yfLbjC0eELi_6mgSTiwEAYD-UEhw@mail.gmail.com>
Subject: Re: [Rfc6761bis] New Non-WG Mailing List: rfc6761bis
To: Joe Abley <jabley@hopcount.ca>
Cc: Ralph Droms <rdroms.ietf@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, paul@nohats.ca, rfc6761bis@ietfa.amsl.com, ietf@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ecc05b05efb899f7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/-XqlAw53Ql1kAdA-YrmRdIoehcs>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2022 17:03:44 -0000

On Tue, Dec 13, 2022 at 7:27 AM, Joe Abley <jabley@hopcount.ca> wrote:

> Hi Ralph,
>
> On Monday, December 12th, 2022 at 16:35, Ralph Droms <rdroms.ietf@gmail.
> com> wrote:
>
> As a reminder: https://datatracker.ietf.org/doc/html/rfc8244
>
> Dunno where the conversation has gone since publication of RFC8244
>
> 8244 opens with the premise that ICANN and IETF have nominal control over
> the "domain namespace" -- e.g. 8244's problems 1 through 4. "Domain
> namespace" is defined as "the set of all possible domain names."
>
>
> I think neither ICANN nor the IETF have or should have control over the
> domain namespace; they only have control over that subset of the domain
> namespace that is used by IETF protocols like the DNS.
>

I think that the root issue is that there is not a simple way to determine
if a name is included in "that subset of the domain namespace that is used
by IETF protocols like the DNS". One can tell if a name is **currently** in
the set of names that is in the union of the ICANN/IANA root zone and the
SUDN registry. If someone starts using a name *currently not* in that set,
but still following the semantics of the set (e.g .abley), it *potentially*
makes that name unusable in the future in "that subset of the domain
namespace that is used by IETF protocols like the DNS."

In an of itself that isn't necessarily an issue; there
are 139098011710742195590974259094795403842655842142490330518716727403333474672708595090456576
possible
"TLD" type names (26^63-26^2-26) — but if someone is widely using a name
(e.g .onion) it will cause an issue *both to that user* as well as to the
*DNS user* if the IETF or ICANN were to start using it for something else.

As a party trick, I will attempt to respond with text only from RFC 8244:
"There is a broad diversity of opinion about this set of problems.
   Not every participant agrees that each of the problems enumerated in
   this document is actually a problem.  This document takes no position
   on the relative validity of the various problems that have been
   enumerated, nor on the organization responsible for addressing each
   individual problem, if it is to be addressed. This document only
   enumerates the problems, provides the reader with context for
   thinking about them, and provides a context for future discussion of
   solutions, regardless of whether such solutions may work for IETF,
   ICANN, IANA, or some other group."

4.   Although the IETF and ICANN nominally have authority over this
        namespace, neither organization can enforce that authority over
        any third party who wants to just start using a subset of the
        namespace.  **Such parties may observe that the IETF has never
        asserted control or authority over what protocols are "allowed"
        on the Internet, and that the principle of "permissionless
        innovation" suggests there should be a way for people to include
        new uses of domain names in new protocols and applications.**
(emphasis added)

5.   Organizations do in fact sometimes use subsets of the Domain
        Namespace without following established processes.  Reasons a
        third party might do this include:
        1. [...]
        2. [...]
        3. [...]
        4. [...]
        5. [...]
        6.  Lack of knowledge that a name intended to be used only
            locally may nevertheless leak.
        7.  Lack of knowledge that a name used locally with informal
            allocation may subsequently be allocated formally, creating
            operational problems.

6.   There is demand for more than one name resolution protocol for
        domain names.  Domain names contain no metadata to indicate
        which protocol to use to resolve them.  Domain name resolution
        APIs do not provide a way to specify which protocol to use.

9.   There is strong resistance within the IETF to assigning domain
        names to resolution systems outside of the DNS, for a variety of
        reasons:
        1.  It requires a mechanism for identifying which set of
            resolution processes is required in order to resolve a
            particular name.
        2. [...]
        3.  More than one name resolution protocol is bad, in the sense
            that a single protocol is less complicated to implement and
            deploy.
        4.  The semantics of alternative resolution protocols may differ
            from the DNS protocol; DNS has the concept of RRtypes,
            whereas other protocols may not support RRtypes or may
            support some entirely different data structuring mechanism.

     20.  RFC 6761 uses the term "domain name" to describe the thing for
        which special uses are registered.  This creates a great deal of
        confusion because some readers take "domain name" to imply the
        use of the DNS protocol.


> There is a point, I believe, at which the IETF should step aside and avoid
> trying to nanny the designers of other parts of the namespace. Many (maybe
> most) of the problems identified in 8244 are consequences of not
> acknowleding such a threshold of care.
>
>
>
I don't think that it the IETF is attempting to "nanny the designers of
other parts of the namespace", but rather acknowledge that "we have a
shared commons; use of the commons should be coordinated so that we don't
step on each other's toes".  Permissionless innovation is a good thing. I
don't think that anyone (well, anyone who has ever tried to actually
operate it :-)) believes that the DNS is perfect and that something better
might not be created — but I think that most of us agree that uncoordinated
stomping on each other is not a great outcome.

Rereading RFC8244, there are places where we could probably have worded
some of this better - it does have the "The IETF and ICANN are in charge of
*anything* that can be expressed in LDH syntax" vibe…
W

I do agree that narrative around all of this suffers a discontinuity if the
> points described in 8244 aren't carefully considered as part of any new
> proposal to scope the limits of the IETF's responsibility.
>
> Joe
>

v2.23.0 | Report a Bug | By Email