Dear colleagues,

I have read draft-grothoff-iesg-special-use-p2p-names-03. I have some comments.

In section 3, the definition of NXDOMAIN isn't actually necessary; this was defined in RFC 2308.

I think it's great that the authors of this document have broken out the specialness of each kind of name, according to the criteria of RFC 6761. This is very helpful, because it allows each name to be considered independently. I do think it would be rather better if they were broken apart into separate documents -- or at least broken into groups of interdependent names -- because some of these names seem to me to be more problematic than others.

Each of the names' special-processing sections includes a requirement (in item 6) that DNS server operators not provide resolution for names beneath the pseudo-TLD in question. I hope the authors do not imagine that this will prevent any server operator from answering queries for such names; there is effectively no way to make this guarantee, which is part of the risk of using DNS-like names that are not actually in the DNS. It seems that ought to be pointed out in the security considerations.

For each of these names, it would be nice to see an argument as to why the names need to be TLDs as opposed to being located elsewhere in the tree. Given the fairly wide deployment of Tor, it's probably too late to fix onion and exit; but the other cases seem to be pretty lightly deployed, and I think one probably needs a strong argument for why we ought to be encroaching on the global namespace this way.

In the draft, at least the motivations for onion and exit are made clear. It's a little harder to find the motivation for i2p, gnu, and zkey; but if you follow the references, you can figure it out. The same cannot be said for bit. The specification for it that is referred to in the draft is, to put it charitably, rather sketchy. It appears, however, that bit is an attack on the existing IANA-managed name registration system.
There appears to be a namecoin business model and fees, and there are claims on https://wiki.namecoin.info/index.php?title=Register_and_Configure_.bit_Domains about "owning" the domain. I think it is completely illegitimate to use the IANA special-use names registry to try to circumvent the administrative arrangements undertaken by the IANA operator of the global namespace (regardless of how one might feel about that operator's stewardship of the global namespace or the policies, financial or otherwise, governing the root zone).

There seems to be no technical advantage that bit is enabling (cf. "special handling of a name is required in order to implement some desired new functionality", from RFC 6761) apart from the trick of removing name registration activities from the DNS and putting them in the hands of someone else, with policies and protocols that are not well specified.

I therefore do not believe that this I-D should proceed until either bit is removed from it, or a justification for the registration of bit is added to the document.

Best regards,

A

--
Andrew Sullivan
a...@anvilwalrusden.com