On 3/18/15, 10:29, "Jaap Akkerhuis" <j...@nlnetlabs.nl> wrote:
>The pointer from Suzanne to the liaison statement shows that
>apparently this has been attended to in the past.

Executive summary of my message below. Count me as utterly confused regarding the topic and agreeing that a deeper, focused discussion is warranted.

The longer version:

Along the lines of agreeing with Jaap, I'm not sure I really understand the Special-Use Domain Names registry as much as I thought anymore.

The liaison statement is something I hadn't seen before, IMHO, if just because liaison statements aren't as accessible, searchable or well known as RFCs. More or less, this is a "communications" problem - publicizing results.

Nevertheless, reading the liaison statement I came across this and wondered if more specific material is available:

"Discussion of these requests under the process established in RFC 6761 has revealed difficulties in applying its guidelines in practice."

I'm inclined to see that RFC 6761 can be improved, but wonder what "difficulties" were the basis of the statement's conclusion. More detail here would be helpful, especially if someone has already taken the time to do the work.

Beyond the liaison statement, and back to the mission of the Special-Use Domain Names registry, I've had in mind that there is a separation between dotted strings that look like domain names and domain names themselves, and this separation's inconsistent treatment is where we run into questions like whether something like .onion is a TLD or not or is deserving of being treated as a TLD.

(I've used the term transliterated-DNS names in probably an inappropriate way to distinguish between how the DNS writes domain names into its master [zone] files and how the DNS protocol transmits names in UDP. Personally I've attached significance to dotted strings that are also seen on the wire as opposed to names that never get converted when it comes to whether a name is a domain name or just a dotted string. Yes, I am in the weeds on this one.)

From what I've read, one interpretation of a name in the Special-Use Domain Names registry is that it shouldn't be delegated in the root zone.[0] Another interpretation is that DNS "surface software" (my unqualified term for the APIs and stubs) return all requests for such a name as NXDOMAIN without consulting DNS servers[1]. Yet another interpretation is that applications ought to consult the registry and if the name is there, do not even think to ask the DNS "surface software" about it.[2]

Given these interpretations from what I've read, I move my marker to "a little confused" by the registry. Perhaps "defense in depth" principles say all of the interpretations ought to be applied.

So, in a way, I see the liaison statement asking the DNSOP WG to define the criteria for treating a name (thinking mostly of dotted strings) as qualifying for a technical reservation (perhaps via the Special-Use Domain Names registry) and possibly defining what such a reservation means to implementations.

[0] Raising the issue of how a protocol like WhoIs or RDAP would report the name.

[1] http://www.ietf.org/mail-archive/web/dnsop/current/msg13777.html
And I don't think that gethostbyname() returned the RCODE, but it's been many years since I looked. I appreciate that the message is using some shorthand, but this just adds to confusion. I.e., I read the first line as asking that the name be prevented from being in the root because it would be in the Special-Use Domain Name registry.

[2] http://www.ietf.org/mail-archive/web/dnsop/current/msg13765.html

PS - Even just reading RFC 6761 I get a bit confused.

There's "if declaring a given name to be special would result in no change to any implementations, then that suggests that the name may not be special in any material way, and it may be more appropriate to use the existing DNS mechanisms" which though it's "negative" grammar leaves me wondering if it means that the Special-Use Domain Names are to be treated differently in applications outside of DNS. But later there is this quote, "it has to be defined to return NXDOMAIN" which to me implies the DNS "surface software" or even its server software has to be modified.