Re: [netmod] 6991bis: domain-name

[Ladislav Lhotka]

On Wed, 2019-07-24 at 10:18 +0100, William Lupton wrote:
> I think that "or" is slightly better here:
> 
> "...does not support wildcards (see RFC 4592) or classless in-addr.arpa
> delegations (see RFC 2317)"

I agree, thanks.

Lada

> 
> On Wed, 24 Jul 2019 at 08:01, Juergen Schoenwaelder <
> j.schoenwael...@jacobs-university.de> wrote:
> > On Mon, Jul 22, 2019 at 06:41:42PM -0400, Ladislav Lhotka wrote:
> > > 
> > > But these two unsupported cases only make sense in the context of DNS zone
> > data.
> > > I would suggest instead
> > > 
> > > NEW:
> > > 
> > > "The domain-name type represents a DNS domain name.  The
> > >  name SHOULD be fully qualified whenever possible.
> > >  This type is not intended for modeling DNS zone data, as
> > >  it does not support wildcards [RFC 4592] and classless
> > >  in-addr.arpa delegations [RFC 2317]." 
> > >
> > 
> > Yes, this is better. I will put the following in the next revision:
> > 
> >  "The domain-name type represents a DNS domain name.  The
> >   name SHOULD be fully qualified whenever possible. This
> >   type does not support wildcards (see RFC 4592) and
> >   classless in-addr.arpa delegations (see RFC 2317).
> > 
> > And I will remove the sentence you wanted to remove since the above
> > more clearly explains when to use / not to use this type.
> > 
> > /js
> > 
-- 
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[Juergen Schoenwaelder]

Yes, changed in my sources.

/js

On Wed, Jul 24, 2019 at 10:18:32AM +0100, William Lupton wrote:
> I think that "or" is slightly better here:
> 
> "...does not support wildcards (see RFC 4592) *or* classless in-addr.arpa
> delegations (see RFC 2317)"
> 
> On Wed, 24 Jul 2019 at 08:01, Juergen Schoenwaelder <
> j.schoenwael...@jacobs-university.de> wrote:
> 
> > On Mon, Jul 22, 2019 at 06:41:42PM -0400, Ladislav Lhotka wrote:
> > >
> > > But these two unsupported cases only make sense in the context of DNS
> > zone data.
> > > I would suggest instead
> > >
> > > NEW:
> > >
> > > "The domain-name type represents a DNS domain name.  The
> > >  name SHOULD be fully qualified whenever possible.
> > >  This type is not intended for modeling DNS zone data, as
> > >  it does not support wildcards [RFC 4592] and classless
> > >  in-addr.arpa delegations [RFC 2317]."
> > >
> >
> > Yes, this is better. I will put the following in the next revision:
> >
> >  "The domain-name type represents a DNS domain name.  The
> >   name SHOULD be fully qualified whenever possible. This
> >   type does not support wildcards (see RFC 4592) and
> >   classless in-addr.arpa delegations (see RFC 2317).
> >
> > And I will remove the sentence you wanted to remove since the above
> > more clearly explains when to use / not to use this type.
> >
> > /js
> >
> > --
> > Juergen Schoenwaelder   Jacobs University Bremen gGmbH
> > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> > Fax:   +49 421 200 3103 
> >
> > ___
> > netmod mailing list
> > netmod@ietf.org
> > https://www.ietf.org/mailman/listinfo/netmod
> >

-- 
Juergen Schoenwaelder   Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103 

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[William Lupton]

I think that "or" is slightly better here:

"...does not support wildcards (see RFC 4592) *or* classless in-addr.arpa
delegations (see RFC 2317)"

On Wed, 24 Jul 2019 at 08:01, Juergen Schoenwaelder <
j.schoenwael...@jacobs-university.de> wrote:

> On Mon, Jul 22, 2019 at 06:41:42PM -0400, Ladislav Lhotka wrote:
> >
> > But these two unsupported cases only make sense in the context of DNS
> zone data.
> > I would suggest instead
> >
> > NEW:
> >
> > "The domain-name type represents a DNS domain name.  The
> >  name SHOULD be fully qualified whenever possible.
> >  This type is not intended for modeling DNS zone data, as
> >  it does not support wildcards [RFC 4592] and classless
> >  in-addr.arpa delegations [RFC 2317]."
> >
>
> Yes, this is better. I will put the following in the next revision:
>
>  "The domain-name type represents a DNS domain name.  The
>   name SHOULD be fully qualified whenever possible. This
>   type does not support wildcards (see RFC 4592) and
>   classless in-addr.arpa delegations (see RFC 2317).
>
> And I will remove the sentence you wanted to remove since the above
> more clearly explains when to use / not to use this type.
>
> /js
>
> --
> Juergen Schoenwaelder   Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103 
>
> ___
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>
___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[Juergen Schoenwaelder]

On Mon, Jul 22, 2019 at 06:41:42PM -0400, Ladislav Lhotka wrote:
> 
> But these two unsupported cases only make sense in the context of DNS zone 
> data.
> I would suggest instead
> 
> NEW:
> 
> "The domain-name type represents a DNS domain name.  The
>  name SHOULD be fully qualified whenever possible.
>  This type is not intended for modeling DNS zone data, as
>  it does not support wildcards [RFC 4592] and classless
>  in-addr.arpa delegations [RFC 2317]." 
>

Yes, this is better. I will put the following in the next revision:

 "The domain-name type represents a DNS domain name.  The
  name SHOULD be fully qualified whenever possible. This
  type does not support wildcards (see RFC 4592) and
  classless in-addr.arpa delegations (see RFC 2317).

And I will remove the sentence you wanted to remove since the above
more clearly explains when to use / not to use this type.

/js

-- 
Juergen Schoenwaelder   Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103 

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[Ladislav Lhotka]

On Tue, 2019-07-23 at 00:07 +0200, Juergen Schoenwaelder wrote:
> On Mon, Jul 22, 2019 at 04:55:33PM -0400, Ladislav Lhotka wrote:
> > Juergen Schoenwaelder  writes:
> > 
> > > Lada,
> > > 
> > > I do not think we can simply enlarge the value set of inet:domain-name,
> > > existing implementations using inet:domain-name may (rightfully) not
> > > expect wildcards.
> > 
> > On the other hand, the description says:
> > 
> >It is designed to hold various types of domain names,including
> >names used for A or  records (host names) and otherrecords, ...
> > 
> > So one could expect that all values that can appear e.g. in A/ records
> > of DNS zone data are supported, which is not the case.
> 
> The pattern does not allow wildcards and it did so back in RFC 6021.
> We can discuss whether this is wrong but allowing wildcards or other
> new characters I think should be done with care and considering
> existing implementations.
>  
> > > What we can do is to create a new definition that has a larger value
> > > space. We can also consider to define inet:domain-name as a subset of
> > > such a larger type as long as it results in the same value space.
> > 
> > My suggestion is to remove the above sentence from the description in the
> > next revision, and leave the rest to DNS folks. There are other interesting
> > issues, such as how to model internationalized domain names.
> 
> I am not sure which problem is solved by removing the sentence.

There are many places where domain names are used. The description mentions
A//SRV resource records even those the type is actually not well suited for
this use case.

> 
> I would perhaps understand the suggestion to _add_ an explicit
> statement right at the top that wildcards or slashes are not
> supported:
> 
> OLD:
> 
> "The domain-name type represents a DNS domain name.  The
>  name SHOULD be fully qualified whenever possible.
> 
> NEW:
> 
> "The domain-name type represents a DNS domain name.  The
>  name SHOULD be fully qualified whenever possible. Domain
>names including wildcards or forward slashes are not
>supported.

But these two unsupported cases only make sense in the context of DNS zone data.
I would suggest instead

NEW:

"The domain-name type represents a DNS domain name.  The
 name SHOULD be fully qualified whenever possible.
 This type is not intended for modeling DNS zone data, as
 it does not support wildcards [RFC 4592] and classless
 in-addr.arpa delegations [RFC 2317]." 

Lada

> 
> This would help clarify things. People that need to represent
> wildcards etc. then know that this type is not the right one for
> them.
> 
> /js
> 
> > Lada
> > 
> > > /js
> > > 
> > > On Fri, Mar 29, 2019 at 11:20:13AM +0100, Ladislav Lhotka wrote:
> > > > Hi,  as a follow-up to my comment during the NETMOD session, I want
> > > > to propose the following update to the the inet:domain-name type.
> > > > The aim is to include use cases that are currently rejected:  -
> > > > classless in-addr.arpa delegations [RFC 2317], i.e. labels like
> > > > "128/26"  - wildcards [RFC 4592], e.g. "*.example.net"  OLD
> > > > pattern
> > > > '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' +
> > > > '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'  + '|\.';
> > > > NEW  pattern
> > > > '((\*\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.)*'
> > > > + '([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.?)' +
> > > > '|\.';  Lada  --  Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID:
> > > > 0xB8F92B08A9F76C67 ___
> > > > netmod mailing list netmod@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/netmod
> > > 
> > > --  Juergen Schoenwaelder   Jacobs University Bremen gGmbH
> > > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> > > Fax:   +49 421 200 3103 
> > 
> > -- 
> > Ladislav Lhotka
> > Head, CZ.NIC Labs
> > PGP Key ID: 0xB8F92B08A9F76C67
-- 
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[Juergen Schoenwaelder]

On Mon, Jul 22, 2019 at 04:55:33PM -0400, Ladislav Lhotka wrote:
> Juergen Schoenwaelder  writes:
> 
> > Lada,
> > 
> > I do not think we can simply enlarge the value set of inet:domain-name,
> > existing implementations using inet:domain-name may (rightfully) not
> > expect wildcards.
> 
> On the other hand, the description says:
> 
>It is designed to hold various types of domain names,including
>names used for A or  records (host names) and otherrecords, ...
> 
> So one could expect that all values that can appear e.g. in A/ records
> of DNS zone data are supported, which is not the case.

The pattern does not allow wildcards and it did so back in RFC 6021.
We can discuss whether this is wrong but allowing wildcards or other
new characters I think should be done with care and considering
existing implementations.
 
> > What we can do is to create a new definition that has a larger value
> > space. We can also consider to define inet:domain-name as a subset of
> > such a larger type as long as it results in the same value space.
> 
> My suggestion is to remove the above sentence from the description in the
> next revision, and leave the rest to DNS folks. There are other interesting
> issues, such as how to model internationalized domain names.

I am not sure which problem is solved by removing the sentence.

I would perhaps understand the suggestion to _add_ an explicit
statement right at the top that wildcards or slashes are not
supported:

OLD:

"The domain-name type represents a DNS domain name.  The
 name SHOULD be fully qualified whenever possible.

NEW:

"The domain-name type represents a DNS domain name.  The
 name SHOULD be fully qualified whenever possible. Domain
 names including wildcards or forward slashes are not
 supported.

This would help clarify things. People that need to represent
wildcards etc. then know that this type is not the right one for
them.

/js

> Lada
> 
> > 
> > /js
> > 
> > On Fri, Mar 29, 2019 at 11:20:13AM +0100, Ladislav Lhotka wrote:
> > > Hi,  as a follow-up to my comment during the NETMOD session, I want
> > > to propose the following update to the the inet:domain-name type.
> > > The aim is to include use cases that are currently rejected:  -
> > > classless in-addr.arpa delegations [RFC 2317], i.e. labels like
> > > "128/26"  - wildcards [RFC 4592], e.g. "*.example.net"  OLD
> > > pattern
> > > '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' +
> > > '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'  + '|\.';
> > > NEW  pattern
> > > '((\*\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.)*'
> > > + '([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.?)' +
> > > '|\.';  Lada  --  Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID:
> > > 0xB8F92B08A9F76C67 ___
> > > netmod mailing list netmod@ietf.org
> > > https://www.ietf.org/mailman/listinfo/netmod
> > 
> > --  Juergen Schoenwaelder   Jacobs University Bremen gGmbH
> > Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> > Fax:   +49 421 200 3103 
> 
> -- 
> Ladislav Lhotka
> Head, CZ.NIC Labs
> PGP Key ID: 0xB8F92B08A9F76C67

-- 
Juergen Schoenwaelder   Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103 

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[Ladislav Lhotka]

Juergen Schoenwaelder  
writes:


Lada, 

I do not think we can simply enlarge the value set of 
inet:domain-name, existing implementations using 
inet:domain-name may (rightfully) not expect wildcards.


On the other hand, the description says:

   It is designed to hold various types of domain names, 
   including
   names used for A or  records (host names) and other 
   records, ...


So one could expect that all values that can appear e.g. in A/ 
records of DNS zone data are supported, which is not the case. 


What we can do is to create a new definition that has a larger 
value space. We can also consider to define inet:domain-name as 
a subset of such a larger type as long as it results in the same 
value space.


My suggestion is to remove the above sentence from the description 
in the next revision, and leave the rest to DNS folks. There are 
other interesting issues, such as how to model internationalized 
domain names.


Lada



/js 

On Fri, Mar 29, 2019 at 11:20:13AM +0100, Ladislav Lhotka wrote: 
Hi,  as a follow-up to my comment during the NETMOD session, I 
want to propose the following update to the the 
inet:domain-name type. The aim is to include use cases that are 
currently rejected:  - classless in-addr.arpa delegations [RFC 
2317], i.e. labels like "128/26"  - wildcards [RFC 4592], 
e.g. "*.example.net"  OLD  
pattern 
  '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*' 
+ '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'  + 
'|\.'; 
 NEW  
pattern 
  '((\*\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.)*' 
+ '([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.?)' 
+ '|\.'; 
 Lada  --  Ladislav Lhotka Head, CZ.NIC Labs PGP Key ID: 
0xB8F92B08A9F76C67 
___ netmod mailing 
list netmod@ietf.org 
https://www.ietf.org/mailman/listinfo/netmod 


--  Juergen Schoenwaelder   Jacobs University Bremen 
gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 
Bremen | Germany Fax:   +49 421 200 3103 
 


--
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[Juergen Schoenwaelder]

Lada,

I do not think we can simply enlarge the value set of inet:domain-name,
existing implementations using inet:domain-name may (rightfully) not
expect wildcards.

What we can do is to create a new definition that has a larger value
space. We can also consider to define inet:domain-name as a subset of
such a larger type as long as it results in the same value space.

/js

On Fri, Mar 29, 2019 at 11:20:13AM +0100, Ladislav Lhotka wrote:
> Hi,
> 
> as a follow-up to my comment during the NETMOD session, I want to propose the
> following update to the the inet:domain-name type. The aim is to include use
> cases that are currently rejected:
> 
> - classless in-addr.arpa delegations [RFC 2317], i.e. labels like "128/26"
> 
> - wildcards [RFC 4592], e.g. "*.example.net"
> 
> OLD
> 
> pattern
>   '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*'
> + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'
> + '|\.';
> 
> NEW
> 
> pattern
>   '((\*\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.)*'
> + '([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.?)'
> + '|\.';
> 
> Lada
> 
> -- 
> Ladislav Lhotka
> Head, CZ.NIC Labs
> PGP Key ID: 0xB8F92B08A9F76C67
> 
> 
> 
> 
> ___
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

-- 
Juergen Schoenwaelder   Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103 

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod

Re: [netmod] 6991bis: domain-name

[Ladislav Lhotka]

Rob Wilton (rwilton) píše v Pá 29. 03. 2019 v 11:15 +:
> Hi Lada,
> 
> For a domain name that supports wildcard, I wonder whether that wouldn't be
> better as a separate type.  I can imagine that in a lot of places a wildcard
> domain name isn't appropriate.

But the description says:

It is designed to hold various types of domain names, including names used for A
or  records (host names) and other records, such as SRV records.

And in DNS resource records, wilcard names are possible.

It is true that wildcards are not permitted in host names and such, but then the
"inet:host" type should not have domain-name as its member type. Even with the
existing version the "host" type permits "." which is not good either.

The "inet:host" type should IMO adhere to a stricter syntax of RFC 952. I will
send another message to address this.

Lada

> 
> Thanks,
> Rob
> 
> 
> > -Original Message-
> > From: netmod  On Behalf Of Ladislav Lhotka
> > Sent: 29 March 2019 10:20
> > To: NETMOD WG 
> > Subject: [netmod] 6991bis: domain-name
> > 
> > Hi,
> > 
> > as a follow-up to my comment during the NETMOD session, I want to propose
> > the following update to the the inet:domain-name type. The aim is to include
> > use cases that are currently rejected:
> > 
> > - classless in-addr.arpa delegations [RFC 2317], i.e. labels like "128/26"
> > 
> > - wildcards [RFC 4592], e.g. "*.example.net"
> > 
> > OLD
> > 
> > pattern
> >   '((([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.)*'
> > + '([a-zA-Z0-9_]([a-zA-Z0-9\-_]){0,61})?[a-zA-Z0-9]\.?)'
> > + '|\.';
> > 
> > NEW
> > 
> > pattern
> >   '((\*\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.)*'
> > + '([a-zA-Z0-9_]([a-zA-Z0-9\-/_]){0,61})?[a-zA-Z0-9]\.?)'
> > + '|\.';
> > 
> > Lada
> > 
> > --
> > Ladislav Lhotka
> > Head, CZ.NIC Labs
> > PGP Key ID: 0xB8F92B08A9F76C67
> > 
> > 
> > 
> > 
> > ___
> > netmod mailing list
> > netmod@ietf.org
> > https://www.ietf.org/mailman/listinfo/netmod
-- 
Ladislav Lhotka
Head, CZ.NIC Labs
PGP Key ID: 0xB8F92B08A9F76C67

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod