IETF Logo Mail Archive

RE: the names that aren't DNS names problem, was Last Call: <draft-ietf-dnsop-onion-tld-00.txt>

Christian Huitema <huitema@microsoft.com> Sat, 25 July 2015 18:52 UTC

Return-Path: <huitema@microsoft.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BE4C1A8849 for <ietf@ietfa.amsl.com>; Sat, 25 Jul 2015 11:52:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8HcsS69BQ_Wg for <ietf@ietfa.amsl.com>; Sat, 25 Jul 2015 11:52:05 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0123.outbound.protection.outlook.com [65.55.169.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBE241A86F5 for <ietf@ietf.org>; Sat, 25 Jul 2015 11:52:04 -0700 (PDT)
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by DM2PR0301MB0654.namprd03.prod.outlook.com (10.160.96.16) with Microsoft SMTP Server (TLS) id 15.1.219.17; Sat, 25 Jul 2015 18:52:03 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id 15.01.0219.018; Sat, 25 Jul 2015 18:52:02 +0000
From: Christian Huitema <huitema@microsoft.com>
To: John C Klensin <john-ietf@jck.com>, John Levine <johnl@taugh.com>, "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: the names that aren't DNS names problem, was Last Call: <draft-ietf-dnsop-onion-tld-00.txt>
Thread-Topic: the names that aren't DNS names problem, was Last Call: <draft-ietf-dnsop-onion-tld-00.txt>
Thread-Index: AQHQxGlBkmeDrOWjMUO4oLHJsCtrup3pmOqAgAACmYCAAAW6gIAAmIiAgAAYggCAAOW/gIAACzoAgAAipoCAAD8rAIAAC+OAgAAB84CAAAGcgIAAAe8AgACxkoCAAAVrgIAABeGAgAAUf7A=
Date: Sat, 25 Jul 2015 18:52:02 +0000
Message-ID: <DM2PR0301MB065582F1A4F6854EF86D4C8AA8800@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <20150725165829.76805.qmail@ary.lan> <413CD2A31E4AFF293091DD05@JcK-HP5.jck.com>
In-Reply-To: <413CD2A31E4AFF293091DD05@JcK-HP5.jck.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: jck.com; dkim=none (message not signed) header.d=none;
x-originating-ip: [62.168.35.69]
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0654; 5:vyox2o+3D2bAPwLY6LqYhATuiDMcifslhqV9jrOYEBfeDgVT3TGpKtuicNPVwBSx+czGL5VwImnwJhZyk/RYdXeZjx3T3PmqQCPkx0irxXX3U+GpkTupcPn+nkR04W273oCUWDfoSIeXQXakg8WPIQ==; 24:6KMMsBIMbJ6m0TdkKzyYYYMp/2ZqRrHAZG2FwsFrCYrhyQeu9wC/Qa1fJnvyyDRKNEbd6yoUiOKqsHCu+H0VXdit+IEE5dnnqc5VvZZQvrg=; 20:MLLewgmVVwTxORdaOFJgvkqe/oz7o5RO7xyjZC3z8bEab6BxpHJh47I5Jt7naQ9sSJC9GEGbzpF/lllp4VmYXA==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0654;
dm2pr0301mb0654: X-MS-Exchange-Organization-RulesExecuted
x-microsoft-antispam-prvs: <DM2PR0301MB06541D626CD7551F12187EF0A8800@DM2PR0301MB0654.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(3002001); SRVR:DM2PR0301MB0654; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0654;
x-forefront-prvs: 0648FCFFA8
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(24454002)(377454003)(76176999)(106116001)(77156002)(74316001)(62966003)(230783001)(86612001)(99286002)(5001770100001)(54356999)(40100003)(50986999)(2656002)(77096005)(33656002)(189998001)(10090500001)(66066001)(2501003)(86362001)(107886002)(5002640100001)(5003600100002)(92566002)(102836002)(2950100001)(46102003)(87936001)(19580395003)(76576001)(2900100001)(5001960100002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0654; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Jul 2015 18:52:02.1523 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0654
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/1iEHdVZVUZ2rLtU5fzct70uIqHA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jul 2015 18:52:06 -0000

On Saturday, July 25, 2015 7:20 PM, John C Klensin wrote: 
>...
>  My problem is that I don't see a stopping rule and the
> idea of the IETF reserving names using our own collective but
> very subjective judgment strikes me as risky, both wrt the
> quality and completeness of the list and because I think ICANN
> and IETF both benefit from clear delineation about boundaries
> and responsibilities... 
>
> I continue to believe that the most straightforward solution is
> to turn the list-keeping over to them...
>

There is a technical problem: special purpose names, that have their own resolution process, different from the DNS. When a group developed such systems, the practice until now was to pick some reasonable top level name, such as ".local" or ".onion", and then ask for a special rule so that particular name could be excluded from the DNS. That was somewhat problematic, because it took some time for DNS code to be updated and exclude these names, but at least we "knew" that it did not conflict with ".net", ".org" or ".com." Well, we don't know that anymore.

We should note however that there is no technical requirement that special purpose domains be top level domains. When we developed the peer-to-peer naming system PNRP, we simply registered "PNRP.NET," and rooted the peer names there. That meets the "registration" requirement, but it does not meet the kind of special purpose processing that ".local" or ".onion" require, when security dictates that the special names must not me resolved by the DNS.

Suppose now that we reserved a special purpose top level domain, with the definition that it should not be resolved by the DNS, and that queries to it should always get an NXDOMAIN response from DNS servers. We might call it ".not" or ".nxd", or whatever other name ICANN might agree to. Developers of special purpose applications could reserve a second level domain such as "example.nxd". No risk of conflict with domain name entrepreneurs buying a conflicting domain, no risk of interference with DNS resolution.

Isn't that a reasonable path? 

-- Christian Huitema

v2.23.0 | Report a Bug | By Email