Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF DNS server selection document

Matthew Pounsett <matt@conundrum.com> Sun, 23 October 2011 06:41 UTC

From: Matthew Pounsett <matt@conundrum.com>
In-Reply-To: <F2045A70-6314-41CF-AC3C-01F1F1ECF84C@network-heretics.com>
Date: Sun, 23 Oct 2011 02:39:23 -0400
Message-Id: <96472FB7-8425-4928-8F55-2ABF2CB59A93@conundrum.com>
References: <COL118-W55403198A984BAAE44BA47B1F70@phx.gbl> <916CE6CF87173740BC8A2CE44309696203782D75@008-AM1MPN1-037.mgdnok.nokia.com> <121DABD1-65E8-4275-8471-9FA38D25C434@nominet.org.uk> <916CE6CF87173740BC8A2CE44309696203783EE0@008-AM1MPN1-037.mgdnok.nokia.com> <4EA09791.8010705@gmail.com> <C8398996-79B5-437E-82A5-6B869ECF8F4E@network-heretics.com> <94C2E518-F34F-49E4-B15C-2CCCFAA96667@virtualized.org> <12477381-9F74-4C50-B576-47EE4322F6BC@network-heretics.com> <CAH1iCiqsN-R87VK3vKityPsY+NXA=0DRASYf_vmBSy8gvYwHdQ@mail.gmail.com> <916CE6CF87173740BC8A2CE44309696203784B27@008-AM1MPN1-037.mgdnok.nokia.com> <708F3212-3C9C-4B61-AA77-EFA8F1CA5B04@nominum.com> <30B1AE01-0A35-48D2-91AF-46FC8B60466C@network-heretics.com> <4EA30EB0.6080605@dougbarton.us> <F2045A70-6314-41CF-AC3C-01F1F1ECF84C@network-heretics.com>
To: Keith Moore <moore@network-heretics.com>
Cc: "<mif@ietf.org>" <mif@ietf.org>, "<dnsop@ietf.org>" <dnsop@ietf.org>, Doug Barton <dougb@dougbarton.us>, "<dnsext@ietf.org>" <dnsext@ietf.org>, "<pk@isoc.de>" <pk@isoc.de>, "<dhcwg@ietf.org>" <dhcwg@ietf.org>, "<denghui02@hotmail.com>" <denghui02@hotmail.com>

On 2011/10/22, at 15:21, Keith Moore wrote:

> 
> On Oct 22, 2011, at 2:42 PM, Doug Barton wrote:
> 
>> 1. I think we're all in agreement that dot-terminated names (e.g.,
>> example.) should not be subject to search lists. I personally don't have
>> any problems with any document mentioning that this is the expected
>> behavior.
> 
> agree.  however there are standard protocols for which a trailing dot in a domain name is a syntax error.

Any protocol that makes a standard FQDN a syntax error is itself in error.  Not to say that these don't exist, but if people are writing protocols that can't deal with a properly formatted FQDN they need to stop.  Now.

> Strongly disagree.  That would leave users without a protocol-independent way of unambiguously specifying "this is a fully-qualified domain name".
> 
> The practice of applying search lists to names with "."s in them needs to die.

I can't agree with this statement.  As others have said, the practice of using a search list to allow 'ssh foo.bar' to reach 'foo.bar.example.com' isn't going anywhere, and there are a lot of people that make extensive use of the convenience.  Ask any security professional about how easy it is to compete with convenient access.

I think we need to accept that this practice is here to stay, and figure out how to deal with it on those terms.
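The behaviour the thread is arguing over (a dot-terminated name is never searched; a name like 'foo.bar' may still be expanded through the search list) is easy to state but the ordering is where practitioners get surprised. The following is an added example, not code posted by anyone in this thread: it models the classic resolv.conf semantics of a BIND/glibc-style stub resolver ('search' suffixes plus 'options ndots:N', default 1) and returns the absolute names such a resolver would try, in order. The ResolverConfig class, the candidates() function and the example search domains are assumptions made for this illustration, not something from the original message.

```python
"""Candidate-name generation for a stub resolver's search list.

Added example, not code from the mailing-list thread.  It models the
classic resolv.conf behaviour (BIND/glibc style 'search' plus
'options ndots:N'):

  * a name ending in '.' is fully qualified and is never searched;
  * a name containing at least ndots dots is tried as-is first, then
    with each search suffix appended;
  * a name with fewer dots gets the search suffixes first, then as-is.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class ResolverConfig:
    # Assumed configuration, equivalent to a resolv.conf such as:
    #   search example.com corp.example.com
    #   options ndots:1
    search: List[str] = field(default_factory=list)
    ndots: int = 1  # resolv.conf default


def is_fqdn(name: str) -> bool:
    """A dot-terminated name carries an explicit root label: it is an FQDN."""
    return name.endswith(".")


def candidates(name: str, cfg: ResolverConfig) -> List[str]:
    """Return the absolute names the resolver would query, in order.

    Every returned name is dot-terminated so a caller cannot accidentally
    run the result through the search list a second time.
    """
    if not name:
        raise ValueError("empty name")

    # Rule 1: an explicit FQDN bypasses the search list entirely.
    if is_fqdn(name):
        return [name]

    as_is = name + "."
    searched = [f"{name}.{suffix.rstrip('.')}." for suffix in cfg.search]

    # Rule 2/3: ndots decides whether the literal name or the search
    # expansions are tried first.  With the default ndots:1, 'foo.bar'
    # is looked up as an absolute name before 'foo.bar.example.com.'.
    if name.count(".") >= cfg.ndots:
        return [as_is] + searched
    return searched + [as_is]


if __name__ == "__main__":
    cfg = ResolverConfig(search=["example.com", "corp.example.com"], ndots=1)
    for n in ("example.", "foo.bar", "foo"):
        print(f"{n:10} -> {candidates(n, cfg)}")
```

Two things worth noticing in the output. With the default ndots:1 the dotted short name 'foo.bar' is first tried as the absolute name 'foo.bar.' and only then as 'foo.bar.example.com.', so the convenience the thread describes depends on the absolute lookup failing; if a name matching the literal form ever starts resolving publicly, it wins over the internal host. Raising ndots (the last assertion below shows ndots:2) flips that order and sends the internal expansion first, which is the usual mitigation when a site relies on dotted short names.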