IETF Logo Mail Archive

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

Peter Saint-Andre <stpeter@stpeter.im> Tue, 28 June 2022 15:58 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68231C147921 for <uta@ietfa.amsl.com>; Tue, 28 Jun 2022 08:58:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.982
X-Spam-Level:
X-Spam-Status: No, score=-3.982 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b=LcihjQnd; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=RdrinGRi
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cqnu_WBaq1rj for <uta@ietfa.amsl.com>; Tue, 28 Jun 2022 08:58:25 -0700 (PDT)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0D5DC14CF1F for <uta@ietf.org>; Tue, 28 Jun 2022 08:52:01 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 8CDAB32004CE; Tue, 28 Jun 2022 11:51:58 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Tue, 28 Jun 2022 11:51:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1656431518; x= 1656517918; bh=chNFJGnVmwFlV/4kG4Tu7FI+61E8OnB7l1hM6Uqf0Gg=; b=L cihjQndHRqKjOvvqUXnMPJywfAvg+f1xinpSg5preGJ5xcNlOD0lB1apCYh5JWAU Fgj+uEoyXNQyc6jiyZeUlQi+7XurOblyOrBHqA5eO4vhwLMM9Gxx5Zas0GIRUto7 actr6/ZyI/Dh4dwbhMfrIQ4UyiGElQLPfWi7XVspPOSsJA+mVfnXX2QKvv7WbTA1 Ujwbfl110LQTe/jegaTEGBRN1Ywlz0AU9/thROZaRhBMcvINQuqyWm39aYAuYy9L jz97KhfwFjJIQyQWwHF/rau33A+YNvcgRLRN2OLfUslos1KkNaQRO/DSKub3tzsw TEDGIUKhEcXfxbDfPRAwQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:feedback-id:feedback-id:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1656431518; x=1656517918; bh=c hNFJGnVmwFlV/4kG4Tu7FI+61E8OnB7l1hM6Uqf0Gg=; b=RdrinGRiqkKW+sBnp /1/qgRqH+zGcXRMwczqwYhrS6O/XIHNhv+Jl6cYnWTx9fUfQpH+2aOsp5aQ/E8qw aq3+Lq3O/AqV3mWp9jWjws34S/J75cRjl6ZvI4H6vaDML6u2jWRu5cCg9UD5V8cu rrM5PcwDLc3LtVbTflaYH7sxseAnlAzQLxPCC8ZgBYtaIye+u6Ynh6AYd8UlnjKU vH3ph0hWLHCqZaBtWYHjzGniiJYGO0ww7LtLf1H2LV0j2k57jZ2todvYq1xcMPco CvLECV0epnw0/r07HwR7yTdPRJ9xrRepeM00uQjnAd/lVon2ij69x4I/66ik5cil ZUOgQ==
X-ME-Sender: <xms:nSO7Yu4Z9mHwLI2CAsomygiKCeWXKh_cg9t-x1tx1kIGXT1q9yzwvQ> <xme:nSO7Yn76cmQCdnKip9Ei5RWN7uDl9R0KkCH87f_T8j3i91rt6PydahpLc_cFfd81Z I6ckx_m2FUsO06Vzg>
X-ME-Received: <xmr:nSO7YtczijnksWZCWVg2hvaGVozOIg7SljgxrpmvfHE2zQTmOn-xlNSOWZew>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudegjedgleegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtje ertddtfeejnecuhfhrohhmpefrvghtvghrucfurghinhhtqdetnhgurhgvuceoshhtphgv thgvrhesshhtphgvthgvrhdrihhmqeenucggtffrrghtthgvrhhnpedvvedtueffieevle eggeeuheeiieeuvdeftdeutdduvdeiheegheekhedutdehueenucffohhmrghinhepihgv thhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepshhtphgvthgvrhesshhtphgvthgvrhdrihhm
X-ME-Proxy: <xmx:nSO7YrKogiveG4ShM4gfKehgTgCyWDZT6742r9g84BsHZ0HYzToyYw> <xmx:nSO7YiKEjQbC4jooGeKpHmskRpSfsW0TW5K-T4jEijos_enVVXHA1A> <xmx:nSO7YsxqNrudD8vUAppB1tEjJ1OyxYD9fTxv1glhxrQqgq66xV-BFA> <xmx:niO7YkhYr82lSSmr3I23W61Z3eCHtLfXaM-AWs7uasEECsP-TVk80w>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 28 Jun 2022 11:51:57 -0400 (EDT)
Message-ID: <b469ed1a-e049-350f-ee80-0c1d7c5c8e84@stpeter.im>
Date: Tue, 28 Jun 2022 09:51:56 -0600
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: uta@ietf.org, Viktor Dukhovni <ietf-dane@dukhovni.org>
References: <032e01d8878f$c2e8f630$48bae290$@smyslov.net> <A7E6035E-7BCF-4BB3-BB87-D261ED98532D@gmail.com> <ae5b3a02-bcc3-2106-a39a-b67aae55d85c@stpeter.im> <ac41a613-f802-0138-1e1b-326d2baa6574@stpeter.im> <BE6D8552-2723-4B64-9909-22C0BC32AC75@gmail.com> <8cf3b08d-478c-4cc5-be19-46cc1cc90271@stpeter.im> <YroARsHlIeR97z52@straasha.imrryr.org> <45cf71a8-c890-695a-5469-a7d545143571@stpeter.im> <YrorpEyiXIWDinNz@straasha.imrryr.org> <3d050f75-d4bf-dc52-0c2f-db488b2604e7@stpeter.im> <YrsM3fWYZ2dVi1bP@straasha.imrryr.org>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <YrsM3fWYZ2dVi1bP@straasha.imrryr.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/T4q6AbqBkznUk6YBkOpax3Ne78k>
Subject: Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2022 15:58:29 -0000

On 6/28/22 8:14 AM, Viktor Dukhovni wrote:
> On Mon, Jun 27, 2022 at 04:31:25PM -0600, Peter Saint-Andre wrote:
> 
>>>> I'm not necessarily saying that - I'm saying only that Jeff and I tried
>>>> to find a canonical definition of "fully-qualified domain name" and the
>>>> best we could do was RFC 1034. Alternative proposals are welcome.
>>>
>>> There are only two possible answers:
>>>
>>>     - All DNS names are valid, so long as they have a wire form that
>>>       meets the requirements of RFC 1034.
>>>
>>>     - Only names that comply with section 2.1 of the Host Requirements RFC:
>>>
>>>           https://datatracker.ietf.org/doc/html/rfc1123#page-13
>>>
>>>       are valid.  These are LDH forms, whose labels therefore require no
>>>       special processing in presentation form, and so the limits are at
>>>       most 63 octets per label, and at most 254 bytes total (allowing for
>>>       an extra byte for the final 0 length wire-form label).
>>>
>>>       In LDH form the hyphens must not be the first or last character of
>>>       any label.  Names starting with "xx--" for various values of "xx"
>>>       are special reserved forms with (IIRC) "xn" being the only presently
>>>       defined prefix, but I don't think that it is appropriate for the
>>>       present document to delve into this level of detail.
>>>
>>>       The host requirements RFC further recomments staying under 63 bytes,
>>>       and though this is somewhat dated, it is nevertheless prudent if
>>>       possible.
>>
>> RFC 6125 (and now 6125bis) are not documents about the definition or
>> enforcement of DNS naming rules, only about client-side matching of
>> service identifiers presented in X.509 certificates against the client's
>> conception of what the service ought to be (i.e., against a reference
>> identifier). I see no reason to expand the scope of 6125bis in the
>> direction you might be proposing. Thus I would favor the first option above.
> 
> Note, I was not proposing anything for 6125bis.

Noted. :-)

> Rather, I was just
> responding to the posted question of what *might be* the definition
> of a (DNS) FQDN.

It doesn't seem to be well-defined anywhere. We could, of course, simply 
remove the phrase from 6125bis, but it's in common use and I suspect 
that removing it could cause more confusion.

Peter

v2.23.0 | Report a Bug | By Email