Re: [DNSOP] [Ext] Re: Ed's comments on Re: WGLC for draft-ietf-dnsop-sutld-ps

2017-02-19 Thread str4d
On 02/17/2017 06:48 AM, Edward Lewis wrote:
> On 2/16/17, 12:23, "Suzanne Woolf"  wrote:
> On Feb 16, 2017, at 11:46 AM, Russ Housley  wrote:
> Ed: 
>>>> It would be good to provide a list of requests for new special use names.
>>>> Especially for a problem statement, this provides a way to estimate the
>>>> "size and shape" of the problem and the urgency.
> (Russ:)
>>> No matter how you count, the volume will remain small if this is done 
>>> properly.  However, the special name requests can still be 
>>> important and urgent.
> (Suzanne:)
>> I also note it’s fairly difficult to estimate. 
>>
>> ... .home/.corp/.mail ... .onion ... .alt ... .homenet 
> 
> There is also a use of .id by Blockstack? as opposed to the ccTLD for 
> Indonesia.  (This one just jumps to mind.)
> 
> I did some looking and despite thinking there was once a backlog of a dozen, 
> I haven't come across it in the mailing list.  (I could be wrong.)  What 
> about .belkin, often cited as a string seen but not allocated?

You missed the ones that started all the drama ;P

- .gnu
- .zkey
- .exit
- .i2p
- .bit

> 
> My goal is to see the problem statement document get more detailed so we can 
> know when we've solved the problem.  ("The problem" is meant to be general, 
> not necessarily the problem at hand.)
> 
>> All of the drafts besides those for .onion, .alt, and .homenet have expired, 
>> which tells us nothing about whether or how they might come back.
> 
> I don't think liveness of drafts is a sufficient measure of activity, 
> considering the problem statement talks about uses from folks not engaging in 
> the IETF process.  (If I'm hungry and in line at a restaurant, then walk away 
> because the wait is too long, I'm still hungry.)

+1. I have a vested interest in the outcome of this discussion (being
involved in a relevant project), and offered to participate in the
problem statement design process. But with the significant general
headwind around the former, and never hearing back about the latter, I
decided my time was better spent on other things.

Also note that for at least some of these drafts, their inactivity and
expiry likely stems from the very loud "We are freezing the 6761 process
indefinitely" announcement. I doubt anyone outside of the existing IETF
community would be willing to spend time working on a 6761-dependent
draft without knowing whether it will even exist in future.

Cheers,
str4d

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


Re: [DNSOP] Proposal for a new record type: SNI

2017-02-19 Thread John R Levine

> The reason to allow non-empty RDATA is to support servers that serve
> multiple multi-domain certificates from a single IP address, dispatched by
> SNI.  This is common on CDNs and other large internet serving systems.


Oh, OK, that's helpful.

So the use case is a web server that serves a zillion domains, with the 
domains grouped into clusters that share a certificate.  For each cluster, 
you pick one of the names as the cover name, and the SNI points to that
name.  The cover name doesn't have to be in the DNS, but if it's not, that 
makes it stick out like a sore thumb.


Passive DNS on the server's IP address will reveal all of the server's 
names, and probes on those names to get the certs will reveal which names 
are in which cluster, so all SNI reveals is which names are the cover 
names.


Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
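A small model of the inference described in this message, added here as an illustration; it is not code from the thread and does not implement any real record type. The names, addresses, certificate SAN lists and hypothetical SNI records are all constructed, and the empty-RDATA convention (a name is its own cover name) is an assumption taken from the discussion.

```python
# Constructed passive-DNS observations (name, address); not real data.
PASSIVE_DNS = [
    ("shop.example", "192.0.2.10"), ("blog.example", "192.0.2.10"),
    ("news.example", "192.0.2.10"), ("mail.example", "192.0.2.10"),
    ("other.test", "192.0.2.99"),
]
# Constructed SAN lists, as if each name had been probed over TLS.
CERT_SANS = {
    "shop.example": {"shop.example", "blog.example"},
    "blog.example": {"shop.example", "blog.example"},
    "news.example": {"news.example", "mail.example", "cover.example"},
    "mail.example": {"news.example", "mail.example", "cover.example"},
}
# Constructed hypothetical SNI records: name -> cover name ("" = itself).
SNI_RECORDS = {
    "shop.example": "", "blog.example": "shop.example",
    "news.example": "cover.example", "mail.example": "cover.example",
}


def names_on_ip(ip, passive_dns=PASSIVE_DNS):
    """Step 1: passive DNS alone reveals every name hosted on the address."""
    return {name for name, addr in passive_dns if addr == ip}


def clusters_from_certs(names, cert_sans=CERT_SANS):
    """Step 2: the certificate served for each name groups the names that
    share a certificate, with no SNI record involved."""
    return {frozenset(cert_sans[n]) for n in names if n in cert_sans}


def marginal_sni_info(ip, sni_records=SNI_RECORDS):
    """Step 3: what the SNI record adds over steps 1 and 2 is only which
    name in each cluster is the cover name (normally one per cluster)."""
    names = names_on_ip(ip)
    return {
        cluster: frozenset(sni_records.get(n) or n for n in cluster & names)
        for cluster in clusters_from_certs(names)
    }


def covers_not_in_dns(ip, sni_records=SNI_RECORDS, passive_dns=PASSIVE_DNS):
    """Cover names that no observed DNS record resolves: the case the
    message says would stand out."""
    known = {name for name, _ in passive_dns}
    covers = {sni_records.get(n) or n for n in names_on_ip(ip)}
    return covers - known
```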
