Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06
Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 28 June 2022 14:14 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38433C1594AD for <uta@ietfa.amsl.com>; Tue, 28 Jun 2022 07:14:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aN9pH1-BMhYi for <uta@ietfa.amsl.com>; Tue, 28 Jun 2022 07:14:55 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B5A7C157B3F for <uta@ietf.org>; Tue, 28 Jun 2022 07:14:54 -0700 (PDT)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id A94A1100B5B; Tue, 28 Jun 2022 10:14:53 -0400 (EDT)
Date: Tue, 28 Jun 2022 10:14:53 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: uta@ietf.org
Message-ID: <YrsM3fWYZ2dVi1bP@straasha.imrryr.org>
Reply-To: uta@ietf.org
References: <032e01d8878f$c2e8f630$48bae290$@smyslov.net> <A7E6035E-7BCF-4BB3-BB87-D261ED98532D@gmail.com> <ae5b3a02-bcc3-2106-a39a-b67aae55d85c@stpeter.im> <ac41a613-f802-0138-1e1b-326d2baa6574@stpeter.im> <BE6D8552-2723-4B64-9909-22C0BC32AC75@gmail.com> <8cf3b08d-478c-4cc5-be19-46cc1cc90271@stpeter.im> <YroARsHlIeR97z52@straasha.imrryr.org> <45cf71a8-c890-695a-5469-a7d545143571@stpeter.im> <YrorpEyiXIWDinNz@straasha.imrryr.org> <3d050f75-d4bf-dc52-0c2f-db488b2604e7@stpeter.im>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <3d050f75-d4bf-dc52-0c2f-db488b2604e7@stpeter.im>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/YPvD8a8nQbYkwIgBbi9_qIEnR5o>
Subject: Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2022 14:14:56 -0000
On Mon, Jun 27, 2022 at 04:31:25PM -0600, Peter Saint-Andre wrote: > >> I'm not necessarily saying that - I'm saying only that Jeff and I tried > >> to find a canonical definition of "fully-qualified domain name" and the > >> best we could do was RFC 1034. Alternative proposals are welcome. > > > > There are only two possible answers: > > > > - All DNS names are valid, so long as they have a wire form that > > meets the requirements of RFC 1034. > > > > - Only names that comply with section 2.1 of the Host Requirements RFC: > > > > https://datatracker.ietf.org/doc/html/rfc1123#page-13 > > > > are valid. These are LDH forms, whose labels therefore require no > > special processing in presentation form, and so the limits are at > > most 63 octets per label, and at most 254 bytes total (allowing for > > an extra byte for the final 0 length wire-form label). > > > > In LDH form the hyphens must not be the first or last character of > > any label. Names starting with "xx--" for various values of "xx" > > are special reserved forms with (IIRC) "xn" being the only presently > > defined prefix, but I don't think that it is appropriate for the > > present document to delve into this level of detail. > > > > The host requirements RFC further recomments staying under 63 bytes, > > and though this is somewhat dated, it is nevertheless prudent if > > possible. > > RFC 6125 (and now 6125bis) are not documents about the definition or > enforcement of DNS naming rules, only about client-side matching of > service identifiers presented in X.509 certificates against the client's > conception of what the service ought to be (i.e., against a reference > identifier). I see no reason to expand the scope of 6125bis in the > direction you might be proposing. Thus I would favor the first option above. Note, I was not proposing anything for 6125bis. Rather, I was just responding to the posted question of what *might be* the definition of a (DNS) FQDN. One might however make a reasonable case that if DNS names in DNS subject alternative names are not constrained to RFC 1123 Section 2.1 LDH names, then their representation in DNS-ID values is of course constrained to "7-bit" (IA5String) characters and needs to use DNS presentation form escaping rules for at least some special characters. At a minimum "." and "\" may need to be escaped, as "\." and "\\". Other "special" IA5 characters could arguably be rendered verbatim, but better I think also escaped, probably via "\DDD" decimal escapes for control characters, <DEL>, punctuation, double-quotes and whitespace. The above is perhaps not terribly appealing, and interoperability for escaped forms would likely be limited. So non-LDH names could reasonably be "discouraged". -- Viktor.
- [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Valery Smyslov
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Valery Smyslov
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Yaron Sheffer
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Yaron Sheffer
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Yaron Sheffer
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Viktor Dukhovni
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Viktor Dukhovni
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Viktor Dukhovni
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Viktor Dukhovni
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Viktor Dukhovni
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Viktor Dukhovni
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Viktor Dukhovni
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Yaron Sheffer
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Martin Thomson
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Martin Thomson
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Martin Thomson
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Valery Smyslov
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Valery Smyslov
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Alexey Melnikov
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Martin Thomson
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Valery Smyslov
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Valery Smyslov
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Salz, Rich
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 tom petch
- Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06 Peter Saint-Andre