Hi Joe, Dave, Christian, John, George, and others,
Thank you for taking the volume down a notch. It is much appreciated.
The ISE is looking for a way to have the work of the GNS published such
that I am comfortable that if it achieves wild success (RFC 5218), its
use is reasonably safe. I use squishy words like “comfortable” and
“reasonably safe”, because nobody here (especially me and including the
researchers) has enough experience with the mechanisms involved to fully
understand the security properties of this new namespace.
From a researcher perspective, they would surely want to see their work
used, and that implies a few things in general:
1. Ease of implementation: ability to re-use code, including all of the
parsers we have that handle DNS names, I18N, etc.
2. Ease of deployment: ability to use whatever application and OS
interfaces such as nsswitch.conf, a plugin in a browser, etc.
3. A means to interface with the rest of the world, occasionally
interacting with DNS.
Syntax changes, such as those John and others suggested (in fact I put
this forward to the authors as an option), really don't advance the
above goals. But it is these very properties that give rise to
concerns around conflicts, leakage, and ambiguities, and all the
assorted pain that RFC 8244 catalogs.
The community has more choices than Christian indicated. One is that
“You” carve out some space for namespaces like GNS, just as George
suggested. Warren's draft seems to comport itself to the contours of that
concept, which is why I came here. Also, the authors of
draft-schanzen-gns seem to think that it is close to something they
could use to be willing to engage here. It also seems to me that such a
draft is, roughly speaking, in line with the general principles of
SSAC-113, as Andrew alluded, even if that document had the different
goal of enabling privately or locally scoped namespaces. Of course,
there may be other approaches.
I caution against those approaches that would set such a high bar that
they would require researchers to fork out hundreds of thousands of
dollars on application fees alone plus who knows how much else for, as
someone else wrote, an uncertain outcome. They'll simply go elsewhere.
That in itself would encourage squatting (or whatever you want to call
it). The benefits of avoiding squatting accrue not only to those
researchers, but to those who use their technology, and others as well.
I put “You” in quotes above, because (a) it's not me who will decide
these lofty issues, and (b) I also don't get to decide who will. The ISE
only gets to decide about whether or not to publish the GNS draft as an
RFC. If the argument is truly over who “You” is rather than the
solution, your friendly neighborhood ISE requests that You work that out
in such a way that these researchers don't get caught in the switches.*
If that requires one last invocation of 6761 or whatever else, then
please consider it. Let's call August “Be Kind to Namespace Researchers
Month”!
Regards,
Eliot
* Ironically, when I typed "caught in the switches expression origin"
into Google, one of the responses was a link to the Wikipedia entry for
"Halt and Catch Fire". Let's not let that happen here either ;-)
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop