Re: [urn] corporate URN namespaces

Peter Saint-Andre <stpeter@stpeter.im> Sat, 03 February 2024 02:31 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83788C14F697 for <urn@ietfa.amsl.com>; Fri, 2 Feb 2024 18:31:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b="pdcVyUqy"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="IZ3ag6LA"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gTRQIHVI9y21 for <urn@ietfa.amsl.com>; Fri, 2 Feb 2024 18:31:29 -0800 (PST)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0626BC14F68A for <urn@ietf.org>; Fri, 2 Feb 2024 18:31:28 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id AED1B3200ABE; Fri, 2 Feb 2024 21:31:27 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Fri, 02 Feb 2024 21:31:28 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1706927487; x=1707013887; bh=dztJmf8JxX0kb1MLVc0OB3fMrYrTuV8uNCbu4hX4j6Y=; b= pdcVyUqyXI+GWB+miBhFIFnPqWY+Sd6Xkg0J9EQjAfdWowc3lF7UPgx6ylA4oNU8 gJ45NoWhrCbB3YNnifrQXywJim4oS6pB4tjgjwN1rt1qHvGxwRHyol3MVy7S3pbk lq5pnmtn6SQxopeXZxajW8yj4rMR6q6bAp9gvfDg720AC87fatqjQVUJjv1GYey8 n+X7fLTe7Msf06K/sRq7r+yNxkvmRTHmnQBHrc3+1Pp+Lo+1HIqnX9atlqDq8rit mMkeM9TtaGQmMgRrEZi3vaF1Gi0+OSwVGgmLhE+U89QSJ1b4iwyglKfwyoK37jQq opf1M/x2S4X/KGCy6spIsg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1706927487; x= 1707013887; bh=dztJmf8JxX0kb1MLVc0OB3fMrYrTuV8uNCbu4hX4j6Y=; b=I Z3ag6LA6Q+pCuwcpL9kZ4UKJWsaXcRIXEBzodwVqFfUf98K/Z19Hsx6rDNv7GLMP xK8N6cDsRUcBoZO/McKRSZuOIfCgBwMDtCkFMPFLtqPdrHoEqcNmBHPllJP1+4oZ 2ZIIOQkAU2anw0p/htx+pJv1mB7R1FNLS7bs2GfqVCELeupqDaMLnrTlnY2WcZ5w kFXVB42ZIevG20qLGBvUVhlWOGcj6Q0ureZbK43yFfoPYKzOU/FXmMVDK+By1cJV tJgRDT/eZwp7+9qt8gs+qH+xQx3gukHRgdOBkCfV+gXmU7vajikHacnD2fPv2N/h 3x3L5jHK7QqX+s/8CMGEw==
X-ME-Sender: <xms:fqW9ZRtWV26AmAf3MCQG_Q51VhqfFAxz2aIeKWyunrxph9NGI1AKyQ> <xme:fqW9ZacHZoVLyS9YPwztUbL1lGdSlWa1G_wS6RBGeGzpl3CiRcsSvxt5hN-1K44ds bd9Nn2N9G-tMlq3QA>
X-ME-Received: <xmr:fqW9ZUykpU6CG0_H2MFjYfgMf7DDZqhviEl0jFON111m5HG_7i6pkk2dL9nulP6f>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrfeduhedggeekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtje ertddtvdejnecuhfhrohhmpefrvghtvghrucfurghinhhtqdetnhgurhgvuceoshhtphgv thgvrhesshhtphgvthgvrhdrihhmqeenucggtffrrghtthgvrhhnpeehfeelgfdtueelte ffuefgheefudeuhfeghfevgfegvdetkeekueegiefhtdejgfenucffohhmrghinhepghhi thhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepshhtphgvthgvrhesshhtphgvthgvrhdrihhm
X-ME-Proxy: <xmx:fqW9ZYOoFvF8JEboK3Cos4X-6VztdYS2CLmxNszs6T14rOuBTY3BQg> <xmx:fqW9ZR82EzGewG9TmKWF-qLBTQJ3a0zO3r10-v7Vd0z3ZlhfjdWpCg> <xmx:fqW9ZYWBSG8PpGY3XatkZN1JBhrOkIzmL0U9l6Kht4qlWs1WHoP6mQ> <xmx:f6W9ZTJIXRJ89aBFkpFYRXcjI54ZeAmGpv0MbR61aRZfTIdFe4iRqA>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 2 Feb 2024 21:31:26 -0500 (EST)
Message-ID: <25fa5b11-b85d-47f8-a94a-98ff2250c9aa@stpeter.im>
Date: Fri, 02 Feb 2024 19:31:25 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: John C Klensin <john-ietf@jck.com>, urn@ietf.org
References: <6c0de4ca-dbc0-401d-b1df-34147ec9829b@stpeter.im> <0C274E40D3F576FC46A1D705@PSB> <7e4bec70-deb1-45e6-b432-c45ad365cdbb@stpeter.im> <9E698B7ECB692C39EE9ED28A@PSB> <71308ab2-e1fd-4f39-80f1-d8dbb248260e@stpeter.im> <DE626E0D07A85AA8759E4B05@PSB>
From: Peter Saint-Andre <stpeter@stpeter.im>
Autocrypt: addr=stpeter@stpeter.im; keydata= xsFNBFETDzsBEAC0FOv1N3ZJzIIxN6cKD475KVS9CHDPeYpegcOIPnL5eY1DCHeh/IwS1S7R CePtmiybNoV9FsI4PKUknzXQxA6LVEdAR/LUlhgJKjq+gsgp8lqbEILhg13ecH66HwLS9rar bQkC47T7kL8miIPBFC6E3A4Lq1L+eueO6UcLhKgoYkMxOjdiWrMgKTnVpch5ydLkPm/z0Zo8 zRgqlPuTLeCrXXZYnjHXLVFN2xy04UzOs7P5u5KVfx5Z7uQisr8pXtyLd6SpTZo6SHgKBv15 uz0rqXhsJojiGtOXfWznAjaS5FUOORq9CklG5cMOUAT8TNftv0ktsxaWDL1ELDVQPy1m7mtz o+VREG+0xmU6AjMo/GHblW1UU7MI9yCiuMLsp/HLrFuiosqLVZ85wuLQ2junPe3tK8h15Ucx IXAcpQ1VqIaDQFbeuLOXJTF8YHpHdpHYt/ZM1ll7ZBKGAo8yd7uF7wJ9D3gUazwdz9fFjWV7 oIk7ATwOlFllzmWDn+M2ygbHOGUGMX5hSaa8eDSieiR2QoLdn27Fip7kMBTJ2+GISrfnJTN/ OQvmj0DXXAdxHmu2C4QgmZbkge35n129yzXn9NcqzrGLroV62lL3LgX6cSbiH5i7GgWY6CAP b1pMogV0K475n9FvOSDRiG4QSO5yqKiA3OP5aKrIRp2TNAk4IwARAQABzSZQZXRlciBTYWlu dC1BbmRyZSA8c3RwZXRlckBzdHBldGVyLmltPsLBeQQTAQIAIwUCURMPOwIbAwcLCQgHAwIB BhUIAgkKCwQWAgMBAh4BAheAAAoJEOoGpJErxa2p6bgQAKpxu07cMDOLc4+EG8H19NWXIVVy bOEvfGuHYZaLKkPrhrMZwJiOwBpyISNRt9qzX1eLCVaojaoEVX6kD8MGc5zKFfiJZy3j7lBW l+Ybr7FfXYy2BbAXKx49e1n6ci9LmBrmVfAEaxtDNPITZ9N9oUAb9vS0nrG036EwteEHAveQ vlDjO7lhz6+Cv7lZQgBj9rZ6khfcQ4S3nSCQaKLQ9Iav4fqxI7SfuPKnx6quHX3JNLGnVo3w l+j/foCK0iTrmtHxCI3kc/bx6g32pRjHEPX0ALMBhmzU2uca+TE0zCEC96mgYXAUCwdnCFWy beIEbt6pz65iML13kAVAq0H/GqncnMGN0MbOatnw1Tdz/vkLojIy7QbPcQ0plUFxv5491xPf IrHhOWdRXp6WUt88fcqhT6MHZpVRtusj2ornKVVn+Y0GLsMMCTcrXJRG7Ao1YV72t/pJpzfG WSaaxolxDIZ6B+76jrIhUhiWgo/4nf+DN6BIlCZQ6j6xxjjx462cu02kuhIILTk2pzaMOufT BWx0uJhZk/KP2Fay/41pX7pvVOwRC4uIlKsLnJKLPS7EDa4BUUxENfd/9LqOGwlII8BbSe98 PLMI8sXkcigc3UXMVda9ll0YhQa+lbP1NaszmnBhwuiCsgnPGbImsJuRzgEEgckwP/dNeyr6 MlFMyfaezsFNBFETDzsBEADBzOsEHpUmhkRUjH9Tek87dn5P/Yh/L/HptgCGk40TL/C+kYdk d3HyteMEf061PNmsS/Rq8k37Fu3VODYb9SPYKxtgksKSYUtIkPKvao09K9QNWPqyWuNf0F+i AjVMUudaEVFJ7bHF310RDwLY5IvLeCXxtvG+Vv/i+g77d2WdPDp+zLJ8306C4yBKjSJV8xW0 cn2fd7NviIEN6cNHTsZNDZVMlgYPrxnwSq8GTEPGC7HsLIwGcx3hIe9QjnPw9CpAmQENpDEy WcxgF5uwo2NJECoDswKz1Nb0gfawF3ZIbD+GcLujTu94iJuVg25jATWm9wTgcfZo4UPllRGX dIb8uWwUFQlLQgd4ROLZZtXNGmHIymJrV2crx53gxup+1j0XqhlzKg8xbImWhEfS9oHZkRK8 VHgmWSIt7TNwNir6N5j3lqwWVBhnu6GzF01sKGNySlqNRbd0fqhakCkK71b8ot8tYTcYG5Lg 10z6HTbgQx2UwLthUjqbblDQ+GLmrOhiWklLXRsnlnPMwnEyFePAnsT5tasy2Cn9qjpttNDa h7PB8iFUi9mtTF/XDVgpFaB5G3CDV7Q2NgbAI6g6QhLIAmXzSP635G83mda0TKXHQXHDyLJT Tn+WVFU7t4m4uLt+0DsWU8jXHQWyUTNG9WPUrXhusDUAPHxFCQ/n/lQVBwARAQABwsFfBBgB AgAJBQJREw87AhsMAAoJEOoGpJErxa2pqfgP/ApN+TRu2bBIgaw1dr3AznSSha84DIpXUDh3 udZvQrGbUtz8/mA+e3iZEN/cmmBw2LGlAuQoJNILTZQ318yTP+E5QU7fJH7FVsohUyvrMfyt 3IMA9jg0Z9MuloLezvIjjMfFeNa0ROgDb/ubOT7JQzi1kwN8Lu3lO80HwqBHXEeOLoislUSn ZajRKvITbKWkZ6PHRjlMw1Wk4oIi6VLHgGgj79zzL3uhML2663m7imShvz1QcHTwvyR5i8cZ bNOEkotZyERiA1p7YHuruS+QvTi3ZPoQbnMUB3a7py9d11bw1+w3LiAUGZE/z5hBWOFxYtw+ w/U/Vx0BwJGYlwU3M2W20uEXe+qxz7wnakygKjmLiD2z4njfKjcNCiV3FmXrpmWgADln1c4j fxDh0NrndrsM8FPDf1TMPtOZgFDkKripc9xkZ/25P6xn27oTOHWKcAC0QhxSH+HuVBBRk8Ag F+zAbDZe4/L6+kanSrycIXW+wCzwBq61aWsz2QhhuKjozVkhk4dRG+CfjzAFjnyxwYERn3uX VKQAwTwcdNcTI9RV98IsNrw9Y4lJEAg6CjNPmiD5+EASycqaOuToRSGukr8sOQLWLPyTnez/ aG8Xf7a+fntWzK2HuDYoSDhJJrylWw/lMklOBm4wtMeNA0zcQH6AQV/GzQVQkSGqrLuMVIV/
In-Reply-To: <DE626E0D07A85AA8759E4B05@PSB>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/JDsHynHMUSuUIvZO4AjsXE_1qb4>
Subject: Re: [urn] corporate URN namespaces
X-BeenThere: urn@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Revisions to URN RFCs <urn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/urn>, <mailto:urn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn/>
List-Post: <mailto:urn@ietf.org>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/urn>, <mailto:urn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Feb 2024 02:31:33 -0000

On 2/2/24 6:15 PM, John C Klensin wrote:
> (Barry, see inline)
> 
> --On Friday, February 2, 2024 16:49 -0700 Peter Saint-Andre
> <stpeter@stpeter.im> wrote:
> 
>> I agree with 90% of your 10%. The remaining 1% inline.
>>
>> On 2/1/24 6:22 AM, John C Klensin wrote:
>>> Peter,
>>>
>>> I agree with 90% of what you say.  Other 10% inline below.
>>>
>>> --On Wednesday, January 31, 2024 11:53 -0700 Peter Saint-Andre
>>> <stpeter@stpeter.im> wrote:
>>>
>>>> Hi John, thanks for sharing your perspective. Comments
>>>> inline.
>>>>
>>>> On 1/30/24 8:32 AM, John C Klensin wrote:
>>>>
>>>>> I wonder whether we could borrow a note from some very early
>>>>> IANA registration policies and allow third-party
>>>>> registrations, e.g., allow you or someone else who notices
>>>>> one of these things to record the usage in the database as a
>>>>> third-party registration.  If one of our primary goals for
>>>>> having the registry is to avoid inadvertent name conflicts,
>>>>> then knowing that (using your examples) LinkedIn is using
>>>>> "li" for a namespace and Amazon is using "rtn", and both are
>>>>> using them on the public Internet (embedded or not), there
>>>>> would seem to be a public interest in having those names
>>>>> registered.
>>>>
>>>> RFC 8141 states:
>>>>
>>>>       This document rests on two key assumptions:
>>>>
>>>>       1.  Assignment of a URN is a managed process.
>>>>
>>>>       2.  The space of URN namespaces is itself managed.
>>>>
>>>> One thing I'm uncomfortable with here - not with your
>>>> proposal but with the underlying situation - is the fact
>>>> that if at some level we accept unregistered URN namespaces,
>>>> then we're not living up to assumption #2.
>>>
>>> Yes.
>>>
>>>> Overall I'd say we have done a decent job of managing the
>>>> space of URN namespaces: the vast majority of SDOs and other
>>>> projects we've engaged with have worked in good faith to
>>>> define their usage of URNs, and for the most part this
>>>> discussion list has led to improved transparency regarding
>>>> URN usage on the Internet. (To be clear, we've had a few
>>>> failures along the way, e.g. namespaces we didn't get
>>>> registered because the registrants ran out of energy or
>>>> patience with the review team.)
>>>>
>>>> It seems less than ideal to allow third-party registrations
>>>> that are mere placeholders so that we can avoid conflicts.
>>>> Indeed, those don't feel like *registrations* at all, in the
>>>> sense of fulfilling our responsibility to manage the space of
>>>> URN namespaces. (Furthermore, it feels disrespectful toward
>>>> everyone who has properly registered their namespaces.)
>>>>
>>>> I'm not completely opposed to what you suggest, but I'm not
>>>> completely happy with it, either.
>>>
>>> I agree and share your unhappiness.  I was just trying to
>>> reflect what seems to be a general IETF trend that I would
>>> describe as "forget all that other stuff and the reasons for
>>> it, just get it registered to prevent conflicts".  That has
>>> resulted in updates to several protocol specs moving, e.g.,
>>> from "RFC or IESG-approved Experimental" to "Specification
>>> Required" or lower.  That does not make me happy either, but
>>> I recognize the reasoning and the trend.
>>>
>>> Given that, and given that allowing third-party registrations
>>> would presumably require an update to RFC 8141 anyway, let me
>>> suggest a different alternative.   I haven't quite figured out
>>> how this would be defined, much less what we would tell IANA
>>> about naming (because any list they keep is called a registry)
>>> but what would happen if created a separate list, not for
>>> registration of a URN namespace but of names that had been
>>> seen in the wild and, in violation of the clear intent of
>>> 8141, had not gone through that process?
>>
>> It might not surprise you that I had a similar thought.
>> ("Great minds think alike" or "fools never differ"?)
>>
>>> Such a listing would clearly require some minimal protection
>>> against DoS attacks, but so would a third-party registration.
>>> Submission of copies of web pages or messages would be a
>>> start.
>>>
>>> I think I'd rather see it as an IANA collection because
>>> presence in that hall of shame might motivate some companies
>>> to actually register but, if if that would be problematic, I
>>> could see a wiki or github listing somewhere and a sentence
>>> in the header of the IANA URN namespace registry that said
>>> something like "an informal list of known names in use in
>>> violation of the specs may be consulted to avoid
>>> unintentional naming conflicts if one is considering a new
>>> namespace and name".
>>
>> To some extent, I think it depends on what we're trying to
>> accomplish with this list. I see two main purposes:
>>
>> 1. Encouraging organizations to register their namespaces
>>
>> 2. Avoiding namespace conflicts
>>
>> It's not clear to me that purpose #1 will be met more
>> effectively with a public list than with reaching out to
>> people we know at the offending organizations, but just
>> possibly it might help. Do we know if this method has been
>> successful with other registries?
> 
> No idea.  It might be reasonable to reach out to Barry Leiba
> (don't remember whether he is on this list or not) because my
> impression is that he has been one of the sensible people
> pushing most strongly for "just get it registered somehow".  If
> there have been successes, he would be likely to know.   But I
> don't know that it is particularly useful knowledge because ...
> 
> If we disagree, it might be closer to 5% or 1% than 10%.  What I
> was thinking, although I was no coherent enough to write down,
> was that we should encourage third parties who notice such
> things to reach out to "people they know" if they know anyone
> and provide some mechanism for them to post a message to see if
> anyone else can do some gentle arm-twisting otherwise (posting
> to this list or even ietf@ietf.org might be reasonable).  Only
> if those entreaties failed to produce a registration by the
> organization involved, would the name be added to what I think
> of as a "this name is in use by the the organization involves is
> too anti-social, arrogant, or opposed to a URN system that works
> well" list.  Of course, we wouldn't say that unless we could
> figure out how to be really polite about it.
> 
> That sort of approach would constitute doing our best at the
> "encouraging" part, providing some (at least minimal) pressure
> on those who were not easily encouraged and, either way, address
> purpose #2.

Before we put an admittedly aspirational process in place at the IETF or 
IANA to address misbehavior by a relatively few neglectful actors, I 
suggest that we attempt more active outreach of the kind I've just done 
with Microsoft / LinkedIn and now Netflix:

https://github.com/Netflix/dial-reference/issues/60

Yes yes, I know, we're not the protocol police and it's not really our 
responsibility to nag these multi-billion-dollar or trillion-dollar 
companies into doing the right thing. But I do think we have a fiduciary 
responsiblity to make best efforts toward ensuring that "the space of 
URN namespaces is itself managed" as RFC 8141 puts it.

If such efforts do not yield fruit, I'm open to alternatives.

Peter