Re: [DNSOP] Private-use underscored DNS node name

Tue, 03 Jan 2023 15:09:27 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

In this example, there are two services provided by one endpoint, for a total 
of three domain names.

Using "target.example." for the HTTPS record would incorrectly assert that it 
provides an HTTPS service for itself. It would also prevent that domain from 
using HTTPS records for itself with different parameters.

Using another domain, such as "alt.target.example.", would be similarly 
misleading.

RFC 8552 reserves all global underscored node names for use according to an 
IANA registry, and specifies that they are meant to act as attributes for the 
non-underscored parent domain. That makes them ideal for this scenario, except 
that there is no suitable node name assigned: using an unassigned node name 
could cause issues if it is assigned in the future. What I am proposing is 
simply that "_private" be added to the registry, with no meaning beyond 
assuring that IANA will not assign it for something in the future. To put it 
another way, no special meaning will ever be ascribed to it by anyone other 
than the domain holder, and as a result there will never be a collision.

This is basically the same as the "_example" node name that is already 
reserved, except intended for actual use.

target.example. AAAA 2001:db8::
target.example. HTTPS 0 .
_443._tcp.target.example. CNAME local-user._private.target.example.
_443._quic.target.example. CNAME local-user._private.target.example.
local-user._private.target.example. HTTPS 1 
pg6mmjiyjmcrsslvykfwnntlaru7p5svn6y2ymmju6nubxndf4pscryd.onion. alpn="h2"
local-user._private.target.example. HTTPS 2 target.example. alpn="h3,h2"
local-user._private.target.example. TLSA 3 1 1 
8a9a70596e869bed72c69d97a8895dfad86f300a343feceff19e89c27c896bc9

alfa.example. HTTPS 0 local-user._private.target.example.

bravo.example. HTTPS 0 local-user._private.target.example.
-----BEGIN PGP SIGNATURE-----

iMwEARYKAHQWIQST9JhYTT2FVNyHHwCUsC6j0LZIGwUCY7SYaFYYJ2h0dHBzOi8v
b3BlbnBncGtleS5zYWtsYWQ1LmNvbS9maW5nZXJwcmludC9GRERGQzRBNEE2N0Qw
NEVGRkVCOEU0MjQ5Q0EyMTQ5NTgzRURCRjg0JwAKCRCUsC6j0LZIG1DaAQC31elj
44+eHSaC1z7NBsI45Zhk7ZjQDzs6xH5xgchwEgD/QOFWr+j8JqFsWAMbya+CriWZ
6grC3Dg+SxFfE8Y2sgg=
=P1yq
-----END PGP SIGNATURE-----

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to