On Mon, Feb 25, 2013 at 10:10:55AM -0800, Doug Barton wrote:
> Brian,
>
> This may be a silly question, but what's your goal here? Your OP was
> about terminology, but the thread has gone down several different
> off-topic ratholes.
That was indeed by original goal, and there have been a couple
- Original Message -
> From: "Brian Reichert"
> On Mon, Feb 25, 2013 at 12:18:00PM -0500, Jay Ashworth wrote:
> > If I understood Brian correctly, his problem is that people/programs
> > are trying to retrieve things from, eg:
> >
> > https://my.host.name./this/is/a/path
> >
> > and the S
On 02/25/2013 09:49 AM, Brian Reichert wrote:
On Mon, Feb 25, 2013 at 12:18:00PM -0500, Jay Ashworth wrote:
If I understood Brian correctly, his problem is that people/programs
are trying to retrieve things from, eg:
https://my.host.name./this/is/a/path
and the SSL library fails the certificat
On Mon, Feb 25, 2013 at 12:18:00PM -0500, Jay Ashworth wrote:
> If I understood Brian correctly, his problem is that people/programs
> are trying to retrieve things from, eg:
>
> https://my.host.name./this/is/a/path
>
> and the SSL library fails the certificate match if the cert doesn't contain
>
On Feb 25, 2013, at 9:18 AM, Jay Ashworth wrote:
> - Original Message -
>> From: "Owen DeLong"
>
>> However, that's for the resolver library. In terms of matching the CN
>> in a certificate, this should always be FQDN and the trailing dot
>> should not be present. If OpenSSL (the comma
- Original Message -
> From: "Owen DeLong"
> However, that's for the resolver library. In terms of matching the CN
> in a certificate, this should always be FQDN and the trailing dot
> should not be present. If OpenSSL (the command line tool) is passing
> foo.blah.com. to the SSL function
On 02/25/2013 11:47 AM, Owen DeLong wrote:
On Feb 25, 2013, at 6:30 AM, Brian Reichert wrote:
On Sun, Feb 24, 2013 at 12:10:20AM +1100, Mark Andrews wrote:
When I did my initial development with OpenSSL, I observed:
- If I did not have the rooted domain name in the SAN, then any SSL
client
On Feb 25, 2013, at 6:30 AM, Brian Reichert wrote:
> On Sun, Feb 24, 2013 at 12:10:20AM +1100, Mark Andrews wrote:
>>> When I did my initial development with OpenSSL, I observed:
>>>
>>> - If I did not have the rooted domain name in the SAN, then any SSL
>>> client stack would fail the verific
On Sun, Feb 24, 2013 at 12:10:20AM +1100, Mark Andrews wrote:
> > When I did my initial development with OpenSSL, I observed:
> >
> > - If I did not have the rooted domain name in the SAN, then any SSL
> > client stack would fail the verification if a rooted domain name
> > was used to connect
t; To: nanog@nanog.org
> Subject: Re: looking for terminology recommendations concerning non-rooted
> FQDNs
>
> On Fri, Feb 22, 2013 at 10:26:58PM -0600, Jimmy Hess wrote:
> >
> > No trailing dot allowed; "each domain label starting and ending with
> > an alpha
On Fri, Feb 22, 2013 at 10:26:58PM -0600, Jimmy Hess wrote:
>
> No trailing dot allowed; "each domain label starting and ending with
> an alphanumerical character";
Note, however, that the URI specification actually contemplates the
possibility of the host part being a dom-spec, and the names in
In message <24339470.6878.1361551954109.javamail.r...@benjamin.baylink.com>, Ja
y Ashworth writes:
> - Original Message -
> > From: "Mark Andrews"
>
> > RFC 952 as modified by RFC 1123 describe the legal syntax of a
> > hostname. There is no trailing period.
>
> May someone create a "co
For what it is worth I argued for removal of support for partially
qualified domain names when looking at resolving the issues in RFC
1535. "ndots" was the compromise.
I also argued for searches stopping on nodata responses.
I felt and continue to feel both of these are security issues. If
RFC
In message <30545475.6952.1361592063875.javamail.r...@benjamin.baylink.com>, Ja
y Ashworth writes:
> - Original Message -
> > From: "Cutler James R"
>
> > A domain name without a terminal dot is a relative domain name.
> > -- An application requesting name to address translation gets to
In message <97006e8c-d3bd-4ced-b814-fc880130f...@email.android.com>, Jay Ashwor
th writes:
> So, should browsers send absolute host names in http/1.1 requests, and should
> n't servers strip the trailing dot if they get one?
>
> I vote No and Yes, resp.
Yes. Note that doesn't mean with a traili
In message <2013015502.gd99...@numachi.com>, Brian Reichert writes:
> On Fri, Feb 22, 2013 at 12:41:33PM -0500, Jay Ashworth wrote:
> > My snap reaction is to say that nothing should ever be *trying* to
> > compare a rooted F.Q.D.N. against a certificate; it is, as has been
> > noted, merely c
- Original Message -
> From: "Jimmy Hess"
> RFC103 5.1 is correct in the context of a DNS zonefile.
> In other contexts, however, a domain is absolute without a trailing
> dot.
If that can be nailed down authoritatively, then it will answer my
followup questions, and at least locate the
On 2/22/13, Jay Ashworth wrote:
RFC103 5.1 is correct in the context of a DNS zonefile.
In other contexts, however, a domain is absolute without a trailing dot.
One example, would be in the case of the SMTP protocol, where
hostnames are required to _always_ be absolute.
In various common con
- Original Message -
> From: "Cutler James R"
> A domain name without a terminal dot is a relative domain name.
> -- An application requesting name to address translation gets to
> decide if a search list is to be used, including the default of dot.
>
> A domain name with a terminal dot
A domain name without a terminal dot is a relative domain name.
-- An application requesting name to address translation gets to decide if a
search list is to be used, including the default of dot.
A domain name with a terminal dot is a Fully Qualified Domain Name.
-- An application requesti
On 2/21/13, Mark Andrews wrote:
> RFC 952 as modified by RFC 1123 describe the legal syntax of a hostname.
> There is no trailing period.
A hostname is not a domain name, the hostname is just a label, and
has stricter syntax than is allowed in a DNS label; however: When
hostnames are represente
http://domainincite.com/page/5?s=right+of+the+dot
--
-Barry Shein
The World | b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1
Yrs, but he wanted the retronym for domain names not containing one, not the
dot.
Absolute and relative domain names, as Joe and 1035 said.
Rich Kulawiec wrote:
>On Fri, Feb 22, 2013 at 05:19:03PM +1100, Karl Auer wrote:
>> It's a convention common enough and useful enough that I can see why
On Fri, Feb 22, 2013 at 06:12:41PM -0500, Brian Reichert wrote:
> The spec for a URL also calls out what constitutes a hostname, and
> I've yet to see a HTTP client that trips over a rooted domain name.
Well, RFC 3986 (URI) explicitly allows the final dot. See the section
on reg-name in section 3
Well, the followup question is: are absolute host names "real", or /solely/
hint to the local resolver not to search-list?
I will reread 1035 later tonight ...
Brian Reichert wrote:
>On Fri, Feb 22, 2013 at 05:46:27PM -0500, Jay Ashworth wrote:
>> So, should browsers send absolute host names i
On Fri, Feb 22, 2013 at 03:30:57PM -0800, Geoffrey Keating wrote:
> This is clarified in RFC 3280:
>
>When the subjectAltName extension contains a domain name system
>label, the domain name MUST be stored in the dNSName (an IA5String).
>The name MUST be in the "preferred name syntax,"
On Fri, Feb 22, 2013 at 05:46:27PM -0500, Jay Ashworth wrote:
> So, should browsers send absolute host names in http/1.1 requests, and
> shouldn't servers strip the trailing dot if they get one?
>
> I vote No and Yes, resp.
The first question is tough, only because of the depth of the
exatblishe
On Fri, Feb 22, 2013 at 05:19:03PM +1100, Karl Auer wrote:
> It's a convention common enough and useful enough that I can see why
> people would want a handy term for it.
How about "stopdot"? Seems to cover the function and the form.
---rsk
So, should browsers send absolute host names in http/1.1 requests, and
shouldn't servers strip the trailing dot if they get one?
I vote No and Yes, resp.
Brian Reichert wrote:
>On Fri, Feb 22, 2013 at 05:21:02PM -0500, Jay Ashworth wrote:
>> In short, "yes, Jay, I do". Got it. :-)
>
>:)
>
>>
On Fri, Feb 22, 2013 at 05:21:02PM -0500, Jay Ashworth wrote:
> In short, "yes, Jay, I do". Got it. :-)
:)
> You saw Joe's second reply?
Apparently, I lost track of that while writing this up. :)
--
Brian Reichert
BSD admin/developer at large
On Fri, Feb 22, 2013 at 02:10:02PM -0800, Eric Brunner-Williams wrote:
> just keep in mind that while "." ought to be a label separator, the
> utc's bidi algorithm allows the directionality of a label to "leak"
> across the "period" character, where it is not a terminal character.
Yes, this is tr
In short, "yes, Jay, I do". Got it. :-)
You saw Joe's second reply?
Brian Reichert wrote:
>On Fri, Feb 22, 2013 at 12:41:33PM -0500, Jay Ashworth wrote:
>> My snap reaction is to say that nothing should ever be *trying* to
>> compare a rooted F.Q.D.N. against a certificate; it is, as has been
On Fri, Feb 22, 2013 at 12:41:33PM -0500, Jay Ashworth wrote:
> My snap reaction is to say that nothing should ever be *trying* to
> compare a rooted F.Q.D.N. against a certificate; it is, as has been
> noted, merely command line/entry field shorthand to tell the local
> resolver where to quit; app
On 2/22/13 11:01 AM, Andrew Sullivan wrote:
> Without getting into metaphysics, we can think of the dot in the
> presentation format as representing the separators in the wire
> format. In the wire format, of course, these separators are octets
> that indicate the size of the next label. And sinc
On Fri, Feb 22, 2013 at 01:39:21PM -0500, Jay Ashworth wrote:
> but since the dot is a separator (I believe by definition), if it exists
> at the end, it has to be separating *something*.
>
Without getting into metaphysics, we can think of the dot in the
presentation format as representing the se
On 2013-02-22, at 14:39, Jay Ashworth wrote:
>>> In fact, Joe, I think it's distinguishing your second case from "a label
>>> string which is intended to reference a rooted FQDN, but the user did not
>>> specify the trailing dot -- and yet still does not want a search path
>>> applied"...
>>
>>
- Original Message -
> From: "Joe Abley"
> > In fact, Joe, I think it's distinguishing your second case from "a label
> > string which is intended to reference a rooted FQDN, but the user did not
> > specify the trailing dot -- and yet still does not want a search path
> > applied"...
>
Jay,
On 2013-02-22, at 14:20, Jay Ashworth wrote:
>> Actually, I think the problem is the confusion between a label string
>> terminated in a dot (to indicate that no search domain should be
>> appended) and a label string not so-terminated (which might mean that
>> a search domain is attempted,
- Original Message -
> From: "Joe Abley"
> Actually, I think the problem is the confusion between a label string
> terminated in a dot (to indicate that no search domain should be
> appended) and a label string not so-terminated (which might mean that
> a search domain is attempted, depen
On 2013-02-22, at 14:01, Andrew Sullivan wrote:
> On Fri, Feb 22, 2013 at 04:57:42PM +1100, Mark Andrews wrote:
>>
>> RFC 952 as modified by RFC 1123 describe the legal syntax of a hostname.
>> There is no trailing period.
>
> Mark is of course correct about this, but it doesn't fully help.
>
On Fri, Feb 22, 2013 at 04:57:42PM +1100, Mark Andrews wrote:
>
> RFC 952 as modified by RFC 1123 describe the legal syntax of a hostname.
> There is no trailing period.
Mark is of course correct about this, but it doesn't fully help.
The basic problem is (as always) the confusion about the diff
- Original Message -
> From: "Brian Reichert"
> The core issue I'm trying to resolve surrounds the generation of a
> CSR. We're trying automate this process for a network appliance
> my employer sells.
>
> When our appliance generates a CSR for itself, among the steps is
> to get a PTR r
On Fri, Feb 22, 2013 at 05:19:03PM +1100, Karl Auer wrote:
> It's a convention common enough and useful enough that I can see why
> people would want a handy term for it.
The core issue I'm trying to resolve surrounds the generation of a
CSR. We're trying automate this process for a network appli
- Original Message -
> From: "Mark Andrews"
> RFC 952 as modified by RFC 1123 describe the legal syntax of a
> hostname. There is no trailing period.
May someone create a "com" subdomain in a DNS domain you have to work in,
Mark.
Or *course* the trailing dot matters, even if only due to
On Fri, 2013-02-22 at 16:57 +1100, Mark Andrews wrote:
> RFC 952 as modified by RFC 1123 describe the legal syntax of a hostname.
> There is no trailing period.
No - but a trailing period is a (common?) way to indicate that the name
as given is complete, so in a lot of contexts a trailing period i
In message <20130221225540.ga99...@numachi.com>, Brian Reichert writes:
> I'm trying to nail down some terminology for doc purposes.
>
> The issue: most resources on the net freely describe a fully-qualified
> domian name ('FQDN') as to exclude the root domain; i.e, they exclude
> the trailing do
46 matches
Mail list logo
