From: Mark Andrews <Mark_Andrews at isc.org>
To: John Levine <johnl at iecc.com>
Cc: ietf at ietf.org
Subject: Re: Services and top-level DNS names (was: Re: Update of RFC 2606
Date: Mon, 07 Jul 2008 10:30:18 +1000

> >> As someone else pointed out, there are currently about two dozen TLDs with
> >> A or MX records at the apex. Some of them have been like that for many
> >> years, and as best I can tell, the Internet has not thereby collapsed.
> >
> > How many label our hosts with two letter domain names?
>
> Beats me, but since there are several hundred TLDs, it seems to me that
> the chances are pretty low that everyone in the world has managed to avoid
> using them as host names.
>
> > Do you have any evidence that they have not caused problems?
>
> Hey, you're the one claiming that there's a global disaster in progress of
> which nobody seems to be aware. If there's evidence, tell us about it.
>
> > I suspect that other sites that used the names just put up
> > with the pain of renaming hosts along with the resultant
> > risk of email being misdirected.
>
> Perhaps you could start by asking people at ai.mit.edu how long their mail
> has been unusable.

The problem is that user@ai is not globally unique. MIT users will have problems talking to user@ai when "ai" means Anguilla. This is a current security issue.

If / when MIT stops using ai.mit.edu, "user@ai" will no longer mean user@ai.mit.edu. This will mean that any configuration file that has "user@ai" will now, suddenly, get a different meaning. This is a latent security issue.

> Look, we all know there's an unlimited number of ways one can screw up mail
> and web configuration. If you put an underscore in the name of a web
> server, as often as not it sort of works even though it's flatly forbidden
> by RFCs. Or if you put an @ or % character in the local part of your
> e-mail address, it'll fail all over the place even though the RFCs say
> that's fine.

I don't condone those actions. If I see someone using underscore in a hostname I tell them that they have made an error.

As for the % hack. That should only be processed by the machines handling the domain to the right of the @ sign. If I saw a machine mishandling it I would complain to the owner of the broken machine. Similarly if "foo@bar"@domain failed I'd complain to the owner of the machine that is broken.

> Why is this particular configuration issue so uniquely awful that the IETF
> and ICANN need to tie themselves up in knots about it? ICANN has plenty
> of real problems on its plate, like registrars who steal people's names
> and won't give them back. This isn't one of them.

This is worse. The owner of a domain name that has been stolen can go to the courts to get it back. They have a remedy path outside of ICANN.

This is a fundamental attack on the communication infrastructure of the Internet which is predicated on there being globally unique names. It needs to be nipped in the bud before it gets too bad.

Mark

> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
> "More Wiener schnitzel, please", said Tom, revealingly.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: Mark_Andrews at isc.org

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
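
The following is an added example, not part of the original message or of any IETF or ISC code. It audits a configuration file for addresses such as `user@ai` whose single-label domain collides with a TLD label, and reports what each one means today and what it would mean once the local host is retired. The resolver model (search list first, then the bare label as a TLD), the sample file, the `printhost` name and the short TLD subset are assumptions made for illustration.

```python
import re

# Constructed subset of real TLD labels; load the full IANA list in practice.
TLDS = {"ai", "tv", "to", "com", "edu", "org"}

# local-part@domain, where the domain may be a single label such as "ai".
ADDR = re.compile(r"[\w.%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.?)")

def resolve(domain, search_list, local_hosts):
    """Simplified model (an assumption, real resolvers vary): a single-label
    name is tried against the search list first, then as a bare TLD."""
    if domain.endswith("."):          # trailing dot: already absolute
        return domain.rstrip(".")
    if "." in domain:                 # multi-label: taken as fully qualified
        return domain
    for suffix in search_list:
        candidate = f"{domain}.{suffix}"
        if candidate in local_hosts:
            return candidate
    return domain if domain in TLDS else None

def audit(config_text, search_list, local_hosts):
    """Return (line number, address, meaning now, meaning after the local
    host disappears) for every single-label domain that is also a TLD."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for m in ADDR.finditer(line):
            domain = m.group(1).lower()
            if "." in domain or domain not in TLDS:
                continue
            now = resolve(domain, search_list, local_hosts)
            later = resolve(domain, search_list, set())
            findings.append((lineno, m.group(0), now, later))
    return findings

# Constructed sample aliases file.
SAMPLE = """\
# constructed aliases file
root: admin@ai
backup: ops@mail.example.edu
alerts: oncall@printhost
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["mit.edu"], {"ai.mit.edu"}):
        print("line %d: %s means %s now, %s later" % finding)
```

Writing the flagged addresses out in fully qualified form removes the dependence on the search list.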