comments in-line.
Guangqing Deng
CNNIC
From: Joe Abley
Date: 2014-01-01 06:41
To: Christian Grothoff
CC: hellekin; IETF DNSOP WG; wachs; jacob; Andrew Sullivan
Subject: Re: [DNSOP] More complete review of draft-grothoff-iesg-special-use-p2p-names-01
>On 2013-12-31, at 15:06, Christian Grothoff <[email protected]> wrote:
>> And again, a key question for me is, if you really want to _encourage_
>> people to _first_ deploy at large scale and _then_ reserve the name.
>You can reserve a name for $10/year, no IETF process required. Less if you
>reserve under an existing domain name.
>The key question for me is, why do any of these uses necessarily require
>reservation of a TLD label, or something that looks like one?
>If (to take an example at random) Tor users could make use of names outside of
>the DNS that look like DNS names under a .ONION TLD, why could they not just
>as easily make use of names that end in ONION.EFF.ORG?
Another factor may be the resolution delay, if real-time is really very
important for those so-called P2P applications. Usually in the hierarchical DNS
system, the resolution delay of domain names like EXAMPLE.ONION is less than
that of those like EXAMPLE.ONION.EFF.ORG. So maybe we should give more
consideration to whether the TLD (like .ONION) is really needed.
>The general answer to this question (in the DNS world) is that names will
>appear in television ads and billboard posters, and hence need to be short and
>memorable. I'm not sure how convincing that answer is (time will tell, I
>guess) but it seems less convincing for naming schemes that involve
>easily-typo'd, long hexadecimal strings as interior labels. These are
>presumably not intended for direct entry by users. Where is the need for a
>pithy TLD?
>If the answer is "well, it wasn't done that way, and there's a huge deployed
>base" then I would take the time to consider migration strategies away from
>schemes that seem to involve top-level DNS labels towards schemes that don't.
>It's inevitable that these names will leak to the DNS, and those leaks will be
>easier to mitigate the further the names are from the DNS root.
>> I expect that this MAY happen, but if the draft is accepted, one
>> of our goals is to explicitly authorize DNS operators to prevent
>> this. Right now, a well-configured, 100% RFC-compliant DNS resolver
>> MUST pass a request for ".onion" to the root. With this draft, we
>> want to explicitly ALLOW 100% RFC-compliant DNS resolvers to instead
>> immediately return NXDOMAIN and thus avoid the security and performance
>> implications of leaking such queries to the root.
>The IETF is not the resolver police. Resolver operators mitigate weird
>problems with approaches like this all the time. It's a mistake to imagine
>that a blessing enshrined in a document published by the IETF will
>immediately trigger changes in deployed infrastructure, or that deployed
>infrastructure is being hamstrung by the lack of such a blessing.
>Consider, however, the different degrees of chaos that might result from:
>(a) instruct all the resolver operators in the world to maintain configuration
>that special-cases a growing list of DNS names; or
>(b) choose your naming scheme (again, think ONION.EFF.ORG) such that the
>NXDOMAINs, negative caching, sinkholing, whatever can be controlled by someone
>who cares about Tor (the EFF.ORG administrator) without requiring any special
>handling elsewhere.
>Option (b) is much more friendly to the Internet.
>Joe
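The thread turns on two behaviours of a resolver operator: answering special-use names like EXAMPLE.ONION locally with NXDOMAIN instead of forwarding them to the root, and spotting the leaked queries that Joe expects to arrive anyway. The script below is an added illustration written for this page; it is not code from the thread, from the draft, or from any resolver project. It assumes a BIND-like "query:" log layout, a suffix list containing only "onion" (the one name the thread discusses), and constructed sample log lines; it also shows why option (b) needs no special handling, since EXAMPLE.ONION.EFF.ORG is an ordinary DNS name under the EFF.ORG operator's control.

```python
"""Added example (not from the thread): a resolver-side policy decision for
special-use names such as .onion, plus a leak scan over query-log lines.

Assumptions (not from the thread): the suffix list, the log line format and the
sample lines are constructed for this illustration. A real resolver implements
the policy as configuration (a local zone answering NXDOMAIN); this script only
models the decision so the edge cases are visible.
"""
import re
from collections import Counter

# Special-use TLD labels the resolver answers locally instead of forwarding to
# the root. Only "onion" appears in the thread; in a deployment this list is
# configuration, so the functions below accept it as a parameter.
SPECIAL_USE_SUFFIXES = frozenset({"onion"})


def normalize(qname: str) -> list[str]:
    """Split a query name into lower-cased labels, ignoring a trailing dot."""
    name = qname.strip().lower().rstrip(".")
    return [label for label in name.split(".") if label]  # drop empty labels


def policy(qname: str, suffixes=SPECIAL_USE_SUFFIXES) -> str:
    """Return "NXDOMAIN" if the rightmost label is a special-use TLD, else "FORWARD".

    Only the rightmost label is compared: EXAMPLE.ONION is answered locally,
    while EXAMPLE.ONION.EFF.ORG (option (b) in the thread) is an ordinary DNS
    name that is forwarded as usual, and NOTONION.EXAMPLE is not a match.
    """
    labels = normalize(qname)
    if labels and labels[-1] in suffixes:
        return "NXDOMAIN"
    return "FORWARD"


# Constructed query-log lines in a BIND-like "query:" layout. Sample data only;
# the client addresses are documentation addresses and the names are made up.
SAMPLE_LOG = """\
client 192.0.2.10#40001 (example.onion): query: example.onion IN A +
client 192.0.2.11#40002 (www.example.org): query: www.example.org IN AAAA +
client 192.0.2.10#40003 (exampleexample42.ONION.): query: exampleexample42.ONION. IN A +
client 192.0.2.12#40004 (example.onion.eff.org): query: example.onion.eff.org IN A +
client 192.0.2.13#40005 (notonion.example): query: notonion.example IN A +
"""

QUERY_RE = re.compile(
    r"client (?P<client>\S+) \(\S+\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def scan_log(text: str, suffixes=SPECIAL_USE_SUFFIXES) -> dict:
    """Count, per client, the queries the resolver should answer locally.

    Returns {"leaked": Counter(client -> count), "forwarded": int}. A non-empty
    "leaked" counter means special-use names reached this resolver, which is the
    leakage the thread expects; the per-client breakdown shows which hosts run
    applications that rely on names outside the DNS.
    """
    leaked = Counter()
    forwarded = 0
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # unrelated log line
        client = m.group("client").split("#")[0]  # drop the source port
        if policy(m.group("qname"), suffixes) == "NXDOMAIN":
            leaked[client] += 1
        else:
            forwarded += 1
    return {"leaked": leaked, "forwarded": forwarded}


if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    for client, n in result["leaked"].most_common():
        print(f"{client}: {n} special-use queries answered NXDOMAIN locally")
    print(f"{result['forwarded']} ordinary queries forwarded")
```

Matching only the rightmost label is the point of the check: a substring test would wrongly catch NOTONION.EXAMPLE and, worse, would also intercept EXAMPLE.ONION.EFF.ORG, which under option (b) is meant to be handled by the EFF.ORG zone's operator through ordinary negative caching rather than by every resolver in the world.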
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop