Dear DNSOP,

The KSK-Sentinel document (https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-12) makes use of the (leftmost) labels root-key-sentinel-is-ta-<key-tag> and root-key-sentinel-not-ta-<key-tag>. If a validating recursive resolver sees these labels, it performs special handling.

Great, everyone is nodding along so far... Gulp. Now for the question:

Is root-key-sentinel-is-ta-<key-tag> an RFC6761 "Special-Use Domain Name"?

The authors are in disagreement - RFC6761 talks about "Special-Use Domain *Names*", not "Special-Use Domain *Labels*", but Stuart has said that it wasn't intended to be only for TLDs / pseudo-TLDs / things starting at the top of the tree.

My view is that this probably is a SUN; it is a name which requires special handling. My co-authors (rightly) point out that "name" is poorly defined, this is a label not a name, RFC6761 is vague in its use of terminology, and all of the examples and entries are right-anchored.

We've crafted answers to "the 7 questions" from RFC 6761 below; we don't care which option the WG selects (we have the text and revisions are free), but we (and I'm assuming the WG!) desperately don't want this to turn into another extended discussion on SUN / names vs identifiers vs identities vs contexts / who has policy control over root / internet governance / etc.

So, please, *clearly* state if you think that this:

A: is a SUN
B: is not a SUN

RFC 8244 [0] was fun, but I'm not sure how much more fun I can handle; we'd love *clear* guidance by next Friday (May 25th)

"So don't delay, act now, supplies are running out
Allow, if you're still alive, six to eight years to arrive
And if you follow, there may be a tomorrow
But if the offer's shunned
You might as well be walking on the SUN"
-- Smash Mouth

Note: We are answering the questions as asked, and so use 6761 terminology:

----------------------

IANA Considerations

The IANA is requested to make the following entries in the Special Use Domain Names registry (https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml) referencing this RFC

root-key-sentinel-is-ta-<key-tag>.*    RFC XXXX
root-key-sentinel-not-ta-<key-tag>.*   RFC XXXX

Domain Name Reservation Considerations

This refers to the set of DNS names where the left-most label matches the specified patterns. The answers to the seven questions listed in [RFC6761] are as follows:

1: Users: Human users are not expected to use or recognize these names as special, other than those who wish to perform testing of their DNS resolution environment. It is expected that the majority of the testing will be performed through automated means (e.g., using JavaScript to cause the user's browser to trigger a DNS lookup), and so the majority of users will never see these.

2. Application Software: No specified behavior is expected of application software.

3. Name Resolution APIs and Libraries: Name resolution libraries are not expected to recognize these names as special.

4. Caching DNS Servers: Caching DNS servers which perform DNSSEC validation are expected to treat these labels specially, as described in this document. Caching DNS servers which are NOT performing DNSSEC validation are not expected to treat these names as special.

5. Authoritative DNS Servers: Authoritative domain name servers are not expected to undertake any altered behaviour for these names.

6. DNS Server Operators: These reserved Special-Use Domain Names have no potential impact on DNS server operators.

7. DNS Registries/Registrars: These names have a special behaviour only when used as the left-most label in a name resolution query. They have no special significance in any other context and are not required to be treated differently in the context of registries and registrars.

------

W

[0]: The Abstract of RFC 8244 says: "The policy defined in RFC 6761 for IANA registrations in the "Special-Use Domain Names" registry has been shown, through experience, to present challenges that were not anticipated when RFC 6761 was written. .... This document should be considered required reading for IETF participants who wish to express an informed opinion on the topic of Special-Use Domain Names."

--
I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
---maf
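The left-anchored matching described in this message, set beside the right-anchored (suffix) matching used for existing registry entries, as an added example that is not part of the original message or of the draft. The five-digit zero-padded decimal key tag is an assumption taken from the sentinel draft rather than from this message, and the function names and the small suffix sample are illustrative.

```python
import re

# Assumption (from the sentinel draft, not stated in this message): <key-tag>
# is the DNSKEY key tag in decimal, zero-padded to exactly five digits.
SENTINEL = re.compile(r"^root-key-sentinel-(is|not)-ta-([0-9]{5})$", re.IGNORECASE)

# Small sample of right-anchored entries in the style of the existing registry.
RIGHT_ANCHORED = ("test.", "invalid.", "example.", "local.")


def labels(qname):
    """Split a presentation-format name into labels (escaped dots not handled)."""
    return [part for part in qname.rstrip(".").split(".") if part]


def sentinel_match(qname):
    """Left-anchored match: only the left-most label of the query is inspected.

    Returns ("is-ta" | "not-ta", key_tag) or None. The rest of the name is
    irrelevant, so the label is special at any depth in any zone.
    """
    parts = labels(qname)
    if not parts:
        return None
    m = SENTINEL.match(parts[0])
    if not m:
        return None
    key_tag = int(m.group(2))
    if key_tag > 0xFFFF:  # key tags are 16-bit; 65536..99999 cannot name a key
        return None
    return (m.group(1).lower() + "-ta", key_tag)


def right_anchored_match(qname):
    """Right-anchored match: the name is special if it ends in a listed suffix."""
    name = ".".join(labels(qname)).lower() + "."
    for suffix in RIGHT_ANCHORED:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None


if __name__ == "__main__":
    # Constructed query names, including one where the label is not left-most.
    for q in ("root-key-sentinel-is-ta-12345.example.com.",
              "www.root-key-sentinel-is-ta-12345.example.com.",
              "printer.local."):
        print(q, sentinel_match(q), right_anchored_match(q))
```

A sentinel name under example.com matches the first function and not the second, which is the mismatch with the registry's right-anchored entries that the message raises.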