I endorse and support Stuart Cheshire's remarks below.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e...@gmail.com

On Tue, Dec 29, 2015 at 4:32 PM, Stuart Cheshire <chesh...@apple.com> wrote:

> Hi Joe, Peter, Alain,
>
> I have some feedback on draft-adpkja-dnsop-special-names-problem-00.
>
> There seems to have been lots of recent discussion regarding confusion
> surrounding RFC 6761. I’m a little surprised by this, since I didn’t think
> RFC 6761 was unclear. But then as co-author, that’s my failing. I thought
> it clearly stated our intention, and I thought the IETF Last Call scrutiny
> should have identified any ambiguity, but apparently not.
>
> >    In recent years, using the last label of a domain name (aka TLD) as
> >    switch to indicate how to treat name resolution has been experimented
> >    using the framework of [RFC6761].
>
> Not only the last label. The last _n_ labels are also commonly used as the
> algorithmic method for determining what names qualify as special. Some
> examples:
>
> 10.in-addr.arpa.
> 168.192.in-addr.arpa.
> example.com.
> example.net.
> example.org.
>
> >    This switch practice is not explicitly documented anywhere.
>
> That was the intention of the seven-question list: to have protocol
> specifications explicitly document their “switch practice” -- i.e. how
> their special names are to be unambiguously recognized, and what software
> should do having recognized one of them.
>
> >    Answers to these seven questions provide guidance to the
> >    corresponding seven audiences on how to handle a special-use domain
> >    name once it has been reserved by inclusion in the Registry.
> >    However, they are inadequate for making the determination whether a
> >    particular domain name qualifies as being special in the first place.
>
> You have it backwards. The seven questions were not “what to expect
> *after* this special-use registration is done”; they were the
> justifications *why* the special-use registration should be granted,
> required in a document demonstrating that it (a) provides a result that the
> community judges to be good, and (b) the aforementioned good result cannot
> reasonably be achieved better another way.
>
> >    The lack of a more elegant way to specify a name resolution protocol
> >    in (for example) a URI amounts to an architectural oversight.
>
> I’m not sure I agree that there *is* a more elegant way to achieve the
> desired effect. Unless you intend to actually describe some hypothetical
> “more elegant way” of doing this, I suggest simply removing this
> unsupported implication from the document.
>
> >    It should also be noted that there are other choice than using the
> >    most significant label for a protocol switch.  In particular, a
> >    proposal to move those protocol switches under a specific top level
> >    domain has been discussed (.ALT).  If that architecture choice is
> >    made, some of the questions listed in the sections bellow (sic) would
> >    become moot.
>
> RFC 6761 is not, and has never been, about TLDs. It is about special
> behaviours, and how to trigger them. As such, whether the protocol switch
> is a TLD, or SLD, or 3LD, or whatever, has no bearing at all on “the
> questions listed in the sections below”. The same concerns would apply
> equally, regardless of how the algorithmic determination of “specialness”
> is to be performed. RFC 6761 states that the algorithmic determination is
> *typically* done by looking for a certain suffix (i.e., one or more
> labels). I deliberately did not want RFC 6761 to over-specify this, so as
> to leave the door open for someone smarter than me who might come along in
> the future and propose some new and valid algorithmic determinant that I
> had not anticipated. Clearly a document stating that any name containing
> any label starting with an “x” is now “special” ought to be thrown out by
> the IESG as unreasonable, but there could be other valid ideas beyond my
> current imagination.
>
> >    Note: [RFC6761] mentions the reserved names could be any label in any
> >    random string, not just the rightmost one (or ones).
>
> Can you cite the actual text that says that? I couldn’t find what
> particular text you’re paraphrasing there.
>
> >    What does it mean to have a "non-DNS" entry in the registry
> >    described above?
>
> The answers to the seven questions, and other text in the associated
> protocol specification, are supposed to tell you what it means.
>
> >    Are applications supposed to check that registry to know what to do?
>
> No.
>
> >    Can/Should applications do this check dynamically?
>
> No.
>
> >    What if an application makes this dynamic check and realizes the
> >    name contains a switch it does not know how to treat?
>
> Not applicable. The closest equivalent to the run-time mechanism you’re
> hinting at is something that already exists: The global DNS. Putting in
> authoritative NXDOMAIN results for all appropriate special-use names is the
> best way to achieve the result you want.
>
> >    it is not clear who is responsible for carrying out an
> >    evaluation.  A document which requests additions to the Registry
> >    might be performed by the IESG, by the IAB, by the DNSOP working
> >    group, by an ad-hoc working group, by expert review or any
> >    combination of those approaches.  [RFC6761] provides no direction.
>
> RFC 6761 says:
>
>    When IANA receives a request to record a new "Special-Use Domain
>    Name", it should verify, in consultation with the IESG, that the IETF
>    "Standards Action" or "IESG Approval" document [RFC5226] includes the
>    required "Domain Name Reservation Considerations" section stating how
>    the special meaning of this name affects the behavior of hardware,
>    software, and humans in the seven categories.  If IANA and the IESG
>    determine that special handling of this "Special-Use Domain Name" is
>    appropriate, IANA should record the Special-Use Domain Name, and a
>    reference to the specification that documents it, in the registry.
>
> I confess I has assumed that IANA would designate some person with the
> expertise and experience to evaluate whether “... special handling of this
> "Special-Use Domain Name" is appropriate ...”, much as requests for TCP and
> UDP ports are evaluated. That was my mistake. I should have been explicit
> about the intended review process.
>
> >    For example, is large scale prior deployment an acceptable criteria?
>
> Large scale prior deployment should *not* be required -- that would just
> make squatting a necessary prerequisite for getting a special use name
> assigned. RFC 6761 was intended to provide a legitimate path for proposals
> to be evaluated on technical merit, rather than de facto squatting.
>
> >    Going back to the previous point of prior usage of the protocol, in
> >    the case of LOCALHOST, LOCAL and ONION, those particular domain names
> >    were already in use by a substantial population of end-users at the
> >    time they were requested to be added to the Registry.  Rightly or
> >    not, the practical cost of a transition was argued as a justification
> >    for their inclusion in the registry.
>
> No. The justification for having an entry in the registry was to
> facilitate the desired special behaviour. The particular choice of what
> name went in the registry was influenced by existing usage, but the
> justification for having the entry itself was motivated by the desire for
> special behaviour. If the IETF process went a bit more smoothly, the IETF
> would have more participation in the choice of name *before* it becomes too
> late to easily change that.
>
> As I read it, draft-adpkja-dnsop-special-names-problem seems to focus far
> too intently on the issue names. (But then, that is what ICANN is in the
> business of selling, so maybe it’s not surprising.) The substance of RFC
> 6761 is about enabling special behaviours, and using special names to
> trigger those special behaviours is merely a means to the end. What is
> interesting and important, and worthwhile for the IETF to support, is the
> special behaviours, not the names.
>
> Stuart Cheshire
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to