Hi Lorenzo,
On Wed, 24 Jul 2024, Lorenzo Breda wrote:
Il giorno mer 24 lug 2024 alle ore 22:24 Scott Johnson
<sc...@spacelypackets.com> ha scritto:
> it would
> be break signatures (eg on API payloads and on emails,
Funny you should mention email, as I am in the process of
constructing a
working implementation in a dedicated multi-world simulation
network. I
don't see smtp to be so difficult. The rest of the more
modern functions
tangental to smtp, like DMARC, smtps, etc. can come after
this return to
first principles.
I'm mostly concerned about signatures for integrity check and sender
identity check. PGP and its derivatives, for example (here in Italy we
have the PEC system, a government standard to send emails with
integrated integrity check, it would be broken).
Yay. Now we are getting somewhere... a problem to be solved :)
Let me first consider the problem for a bit. I will come back to you
after a think on this. I am assuming you want this integrity check to
pass when emailing Italian assets on Mars, or when assets on the Moon are
emailing you, and mangling the payload so the user can't click $BADLINK is
the issue. How do these email systems interact with external entities
email systems? As normal? What happens to the integrity check if you
were to send an email to my MTA, which does not support it?
You are suggesting that "leaving the current TLDs implicitly on Earth by
default," as defined below, alleviates this problem?
API payloads? Via what delivery? http(s)? Not breaking
that would come
down to good parsing.
Any delivery, with an integrity signature system.
Fair enough. You want end-to-end integrity, which means no mucking with
the payload, as doing so will break (non?) standardized cryptographic
additions to smtp which are required by law in one jurisdiction? I would
need to understand the mechanism used beyond "emails are signed" to make a
full analysis, but I see the issue.
> and it wouldn't
> work on transmissions which are encrypted on a message
level (encrypted
> documents, emails).
Again, users who are encrypting messages will understand the
"country
code" analogy, IMHO. It is rocket science, after all :)
Still we'll present to the end user a possibly broken URI, exposing them
to phishing and other nasty things.
Again, fair enough.
>
> Why are you against leaving the current TLDs implicitly on
Earth by
> default?
Why do you think I am. Just to be sure, can you expound on
what that
means, exactly? Use only new, discrete TLDs on other
worlds? I have no
problem with that. I have already been willing to back off
a new TLD on
Earth because of the cost/paperwork/etc necessary. Given
that we can map
3rd level domains to the same hierarchy to access off world
resources,
with no change necessary to the terrestrial DNS, it was a
technical
solution that worked and prevented having to run the ICANN
gauntlet
with a dump truck full of cash.
If using local hierarchies is somewhat needed, I'll default the
currently existing TLDs on the Earth, while defining new hierarchies for
the other planets. "org." will be on the Earth, "org.mars." on Mars.
Let me run this through the mental simulator, and see if this breaks any
other parts. I agree that keeping universal uniqueness of TLDs is useful.
That said, while retaining the original TLDs to Earth use only, many other
TLDs would be available for use in the Martian DNS system.
This idea started out with complete, discrete implementations of
"Internet", including dedicated DNS roots, on Mars. Adjustments have been
made along the way to trim off unnecessary replication. It sounds like
you have an idea which can perform such a trim. I appreciate it!
It
would introduce some asymmetry, giving the Earth a special place, but
Earth is indeed special.
Thanks,
Scott
--
Lorenzo Breda
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
