Re: [secdir] secdir review of draft-cheshire-dnsext-nbp-09.txt

Donald Eastlake <> Wed, 15 December 2010 09:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6405B3A6F72; Wed, 15 Dec 2010 01:01:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -103.267
X-Spam-Status: No, score=-103.267 tagged_above=-999 required=5 tests=[AWL=0.332, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jljUEjMzdxhX; Wed, 15 Dec 2010 01:01:29 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 235C13A6F55; Wed, 15 Dec 2010 01:01:29 -0800 (PST)
Received: by qyj19 with SMTP id 19so1752217qyj.10 for <multiple recipients>; Wed, 15 Dec 2010 01:03:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type; bh=8LMatZkftJWgCNQfauPCHS5/ojE+eBEaRJ9FfoYc85M=; b=p91Lkdqitb5E14rQrGcJtibc4X+CXCK8R6X6+eRZi3MGcFhlmjWmWhqxBUAKOIu4C1 wcuUHiYB7T76InzEjPYLmJTWOmlZ0iJVGEw06NqNukSaNwGrYbeblIz9z2PXWDVM6pnA CH1NGo0fhm8NfbB+ewyjDYiknkuAgHEDoco1o=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=CjZgZccgxennMZ7sEOt+2UXixc2hw6VAGDjwsbFvng2x5gOh+N+AJK+70xsRb6KVX7 wbTpX/Adnc4M7fV4q3OD/yPeYXckttuBmJC6eGPZ6PgmDUEi0TNjgJYZ0fccg38j7ziQ +tYX8sjuOstbTGkG6TmiVE6vZbvPvaBPXmCnw=
Received: by with SMTP id r19mr6094760qai.324.1292403789586; Wed, 15 Dec 2010 01:03:09 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Wed, 15 Dec 2010 01:02:49 -0800 (PST)
In-Reply-To: <>
References: <20101101094624.GC29846@elstar.local> <>
From: Donald Eastlake <>
Date: Wed, 15 Dec 2010 04:02:49 -0500
Message-ID: <>
To: Stuart Cheshire <>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [secdir] secdir review of draft-cheshire-dnsext-nbp-09.txt
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 15 Dec 2010 09:01:30 -0000

As the principle author of 2606, I believe they were intended to be
encouraged but not mandatory.

For some time there has been an increasingly hardened attitude about
this in the IESG and, basically, you won't be allowed to use other
names unless there is a good reason a 2606 name won't serve the
purpose or possibly if you are doing a minor update version of an
existing RFC and don't want to disturb it more than necessary.

On Tue, Dec 14, 2010 at 7:12 PM, Stuart Cheshire <> wrote:
> On 1 Nov 2010, at 2:46 AM, Juergen Schoenwaelder wrote:
>> On page 9, the DNS name "" should probably changed to
>> "".

Why not make the minimal change and use


> We'll update the example in the document, but I have a question:
> RFC 2606 states that names like "can be used as examples". I
> agree that when writers *want* to use a vendor-neutral example it's useful
> to have these names available, but are they mandatory? Is there an RFC which
> states that *all* examples MUST use
> I've been seeing this a lot recently. Any time someone uses an example name
> other than the RFC 2606 example names, people leap on them and tell them
> this is not allowed and all RFCs have to use only the RFC 2606-sanctioned
> example names. Is this true? There's a big difference between saying "these
> names are available for use if you want" and "these names are mandatory and
> you're not allowed to use any others".
> Stuart Cheshire <>
> * Wizard Without Portfolio, Apple Inc.
> *