| < draft-ietf-dnsop-alt-tld-07.txt | draft-ietf-dnsop-alt-tld-08.txt > | |||
|---|---|---|---|---|
| dnsop W. Kumari | dnsop W. Kumari | |||
| Internet-Draft Google | Internet-Draft Google | |||
| Intended status: Informational A. Sullivan | Intended status: Informational A. Sullivan | |||
| Expires: August 5, 2017 Dyn | Expires: September 4, 2017 Dyn | |||
| February 1, 2017 | March 3, 2017 | |||
| The ALT Special Use Top Level Domain | The ALT Special Use Top Level Domain | |||
| draft-ietf-dnsop-alt-tld-07 | draft-ietf-dnsop-alt-tld-08 | |||
| Abstract | Abstract | |||
| This document reserves a string (ALT) to be used as a TLD label in | This document reserves a string (ALT) to be used as a TLD label in | |||
| non-DNS contexts, or for names that have no meaning in a global | non-DNS contexts. It also provides advice and guidance to developers | |||
| context. It also provides advice and guidance to developers | developing alternative namespaces. | |||
| developing alternate namespaces. | ||||
| [Ed note: Text inside square brackets ([]) is additional background | [Ed note: Text inside square brackets ([]) is additional background | |||
| information, answers to frequently asked questions, general musings, | information, answers to frequently asked questions, general musings, | |||
| etc. They will be removed before publication.This document is being | etc. They will be removed before publication. This document is | |||
| collaborated on in Github at: https://github.com/wkumari/draft- | being collaborated on in Github at: https://github.com/wkumari/draft- | |||
| wkumari-dnsop-alt-tld. The most recent version of the document, open | wkumari-dnsop-alt-tld. The most recent version of the document, open | |||
| issues, etc should all be available here. The authors (gratefully) | issues, etc should all be available here. The authors (gratefully) | |||
| accept pull requests. NOTE: This document is currently a parked WG | accept pull requests. ] | |||
| document -- as such, all changes are being handled in GitHub and a | ||||
| new version will be posted once unparked. | ||||
| It had been suggested (off-list) that the draft should contain <TBD> | ||||
| instead of .ALT, and then make the WG choose a string before | ||||
| publication. A version of the draft like this was published on | ||||
| GitHub (https://github.com/wkumari/draft-wkumari-dnsop-alt-tld/ | ||||
| tree/7988fcf06100f7a17f21e6993b781690b5774472) (and generated no | ||||
| feedback). This version reverts to .ALT -- the chairs stated that | ||||
| the document was adopted with the string .alt, it has been discussed | ||||
| as .alt. IMO, it is more readable as .alt; it would also be a | ||||
| difficult consensus call, boiling down to beauty contests. If the WG | ||||
| selects a different string ("not-dns" had been suggested in the | ||||
| past), the editors will, of course, replace it. ] | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 5, 2017. | This Internet-Draft will expire on September 4, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 2 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. The ALT namespace . . . . . . . . . . . . . . . . . . . . . . 4 | 3. The ALT namespace . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.1. Choice of the ALT Name . . . . . . . . . . . . . . . . . 5 | 3.1. Choice of the ALT Name . . . . . . . . . . . . . . . . . 5 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.1. Domain Name Reservation Considerations . . . . . . . . . 5 | 4.1. Domain Name Reservation Considerations . . . . . . . . . 5 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 5. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 7 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 8 | ||||
| Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8 | Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction | 1. Introduction | |||
| Many protocols and systems need to name entities. Names that look | Many protocols and systems need to name entities. Names that look | |||
| like DNS names (a series of labels separated with dots) have become | like DNS names (a series of labels separated with dots) have become | |||
| common, even in systems that are not part of the global DNS | common, even in systems that are not part of the global DNS | |||
| administered by IANA. | administered by IANA. This document reserves the label "ALT" (short | |||
| for "Alternative") as a Special Use Domain ([RFC6761]). This label | ||||
| This document reserves the label "ALT" (short for "Alternate") as a | is intended to be used as the final (rightmost) label to signify that | |||
| Special Use Domain ([RFC6761]). This label is intended to be used as | the name is not rooted in the DNS, and that should not be resolved | |||
| the final (rightmost) label to signify that the name is not rooted in | using the DNS protocol. | |||
| the DNS, and that normal registration and lookup rules do not apply. | ||||
| 1.1. Requirements notation | 1.1. Requirements notation | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 1.2. Terminology | 1.2. Terminology | |||
| This document assumes familiarity with DNS terms and concepts. | This document assumes familiarity with DNS terms and concepts. | |||
| Please see [RFC1034] for background and concepts, and [RFC7719] for | Please see [RFC1034] for background and concepts, and [RFC7719] for | |||
| terminology. Readers are also expected to be familiar with the | terminology. Readers are also expected to be familiar with the | |||
| discussions in [I-D.ietf-dnsop-sutld-ps] | discussions in [I-D.ietf-dnsop-sutld-ps] | |||
| o DNS name: Domain names that are intended to be used with DNS | o DNS name: Domain names that are intended to be used with DNS | |||
| resolution, either in the global DNS or in some other context | resolution, either in the global DNS or in some other context | |||
| o DNS context: The namespace anchored at the globally-unique DNS | o DNS context: The namespace anchored at the globally-unique DNS | |||
| root. This is the namespace or context that "normal" DNS uses. | root. This is the namespace or context that "normal" DNS uses. | |||
| o non-DNS context: Any other (alternate) namespace. | o non-DNS context: Any other (alternative) namespace. | |||
| o pseudo-TLD: A label that appears in a fully-qualified domain name | o pseudo-TLD: A label that appears in a fully-qualified domain name | |||
| in the position of a TLD, but which is not registered in the | in the position of a TLD, but which is not registered in the | |||
| global DNS. This term is in no way intended to be pejorative. | global DNS. This term is not intended to be pejorative. | |||
| o TLD: The last visible label in either a fully-qualified domain | o TLD: The last visible label in either a fully-qualified domain | |||
| name or a name that is qualified relative to the root. See the | name or a name that is qualified relative to the root. See the | |||
| discussion in Section 2. | discussion in Section 2. | |||
| 2. Background | 2. Background | |||
| The success of the DNS makes it a natural starting point for systems | The success of the DNS makes it a natural starting point for systems | |||
| that need to name entities in a non-DNS context. | that need to name entities in a non-DNS context. | |||
| In many cases, these systems build a DNS-style tree parallel to, but | In many cases, these systems build a DNS-style tree parallel to, but | |||
| separate from, the global DNS. They often use a pseudo-TLD to cause | separate from, the global DNS. They often use a pseudo-TLD to cause | |||
| resolution in the alternate namespace, using browser plugins, shims | resolution in the alternative namespace, using browser plugins, shims | |||
| in the name resolution process, or simply applications that perform | in the name resolution process, or simply applications that perform | |||
| special handling of this particular alternate namespace. An example | special handling of this particular alternative namespace. An | |||
| of such a system is the Tor network's [Dingledine2004] use of the | example of such a system is the Tor network's [Dingledine2004] use of | |||
| ".onion" Special-Use Top-Level Domain Name (see [RFC7686]). | the ".onion" Special-Use Top-Level Domain Name (see [RFC7686]). | |||
| In many cases, the creators of these alternative namespaces have | In many cases, the creators of these alternative namespaces have | |||
| chosen a convenient or descriptive string and started using it. | chosen a convenient or descriptive string and started using it. | |||
| These strings are not registered anywhere nor are they part of the | These strings are not registered anywhere nor are they part of the | |||
| DNS. However, to users and to some applications they appear to be | DNS. However, to users and to some applications they appear to be | |||
| TLDs; and issues may arise if they are looked up in the DNS. | TLDs; and issues may arise if they are looked up in the DNS. This | |||
| document suggests that name resolution libraries (stub resolvers) | ||||
| An alternate name resolution system might be specifically designed to | recognize names ending in ".alt" as special, and not attempt to look | |||
| provide confidentiality of the looked up name, and to provide a | them up using the DNS protocol in order to limit the effects of | |||
| distributed and censorship-resistant namespace. This goal would | queries accidentally leaking into the DNS. | |||
| necessarily be defeated if the queries leak into the DNS, because the | ||||
| attempt to look up the name would be visible to the operators of root | ||||
| name servers at a minimum as well as to any entity viewing the DNS | ||||
| lookups going to the root nameservers. | ||||
| The techniques in this document are primarily intended to address the | The techniques in this document are primarily intended to address the | |||
| "Experimental Squatting Problem", the "Land Rush Problem" and "Name | "Experimental Squatting Problem", the "Land Rush Problem" and "Name | |||
| Collisions" issues discussed in [I-D.ietf-dnsop-sutld-ps] (whiich | Collisions" issues discussed in [I-D.ietf-dnsop-sutld-ps] (which | |||
| contains much additional background, etc). | contains much additional background, etc). | |||
| 3. The ALT namespace | 3. The ALT namespace | |||
| This document reserves the ALT label, using the [RFC6761] process, | This document reserves the ALT label, using the [RFC6761] process, | |||
| for use as an unmanaged pseudo-TLD namespace. The ALT label MAY be | for use as an unmanaged pseudo-TLD namespace. The ALT label MAY be | |||
| used in any domain name as a pseudo-TLD to signify that this is an | used in any domain name as a pseudo-TLD to signify that this is an | |||
| alternate (non-DNS) namespace, and should not be looked up in a DNS | alternative (non-DNS) namespace, and should not be looked up in a DNS | |||
| context. | context. | |||
| Alternative namespaces should differentiate themselves from other | Alternative namespaces should differentiate themselves from other | |||
| alternate namespaces by choosing a name and using it in the label | alternative namespaces by choosing a name and using it in the label | |||
| position just before the pseudo-TLD (ALT). For example, a group | position just before the pseudo-TLD (ALT). For example, a group | |||
| wishing to create a namespace for Friends Of Olaf might choose the | wishing to create a namespace for Friends Of Olaf might choose the | |||
| string "foo" and use any set of labels under foo.alt. | string "foo" and use any set of labels under foo.alt. | |||
| As they are in an alternative namespace, they have no significance in | As names beneath ALT are in an alternative namespace, they have no | |||
| the regular DNS context and so should not be looked up in the DNS | significance in the regular DNS context and so should not be looked | |||
| context. Some of these requests will inevitably leak into the DNS | up in the DNS context. | |||
| context (for example, because of clicks on a link in a browser that | ||||
| does not have a extension installed that implements the alternate | ||||
| namespace resolution), and so the ALT TLD has been added to the | ||||
| "Locally Served DNS Zones" ( [RFC6303]) registry to limit how far | ||||
| these flow. | ||||
| Groups wishing to create new alternate namespaces MAY create their | Groups wishing to create new alternative namespaces may create their | |||
| alternate namespace under a label that names their namespace under | alternative namespace under a label that names their namespace under | |||
| the ALT label. They SHOULD choose a label that they expect to be | the ALT label. They should attempt to choose a label that they | |||
| unique and, ideally, descriptive. There is no IANA controlled | expect to be unique and, ideally, descriptive. There is no IANA | |||
| registry for names under the ALT TLD - it is an unmanaged namespace, | registry for names under the ALT TLD - it is an unmanaged namespace, | |||
| and developers are responsible for dealing with any collisions that | and developers are responsible for dealing with any collisions that | |||
| may occur under .alt. Informal lists of namespaces under .alt may | may occur under .alt. Informal lists of namespaces under .alt may | |||
| appear to assist the developer community. | appear to assist the developer community. | |||
| [Editor note (to be removed before publication): There was | [Editor note (to be removed before publication): There was | |||
| significant discussion on an IANA registry for the ALT namespace - | significant discussion on an IANA registry for the ALT namespace - | |||
| please consult the lists for full thread, but the consensus was that | please consult the lists for full thread, but the consensus was that | |||
| it would be better for the IETF / IANA to not administer a registry | it would be better for the IETF / IANA to not administer a registry | |||
| for this. It is expected one or more unofficial lists will be | for this. It is expected one or more unofficial lists will be | |||
| skipping to change at page 5, line 34 | skipping to change at page 5, line 18 | |||
| order for this technique to be effective the names need to continue | order for this technique to be effective the names need to continue | |||
| to follow both the DNS format and conventions (a prime consideration | to follow both the DNS format and conventions (a prime consideration | |||
| for alternative name formats is that they can be entered in places | for alternative name formats is that they can be entered in places | |||
| that normally take DNS context names); this rules out using suffixes | that normally take DNS context names); this rules out using suffixes | |||
| that do not follow the usual letter, digit, and hyphen label | that do not follow the usual letter, digit, and hyphen label | |||
| convention. | convention. | |||
| 4. IANA Considerations | 4. IANA Considerations | |||
| The IANA is requested to add the ALT string to the "Special-Use | The IANA is requested to add the ALT string to the "Special-Use | |||
| Domain Name" registry ([RFC6761], and reference this document. In | Domain Name" registry ([RFC6761], and reference this document. | |||
| addition, the "Locally Served DNS Zones" ([RFC6303]) registry should | ||||
| be updated to reference this document. | ||||
| 4.1. Domain Name Reservation Considerations | 4.1. Domain Name Reservation Considerations | |||
| This section is to satisfy the requirement in Section 5 of RFC6761. | This section is to satisfy the requirement in Section 5 of RFC6761. | |||
| The domain "alt.", and any names falling within ".alt.", are special | The string ".alt." (and names ending with the string .alt) are | |||
| in the following ways: | special in the following ways: | |||
| 1. Human users are expected to know that strings that end in .alt | 1. Users are expected to know that strings that end in .alt behave | |||
| behave differently to normal DNS names. Users are expected to | differently to normal DNS names. Users are expected to have | |||
| have applications running on their machines that intercept | applications running on their machines that intercept strings of | |||
| strings of the form <namespace>.alt and perform special handling | the form <namespace>.alt and perform special handling of them. If | |||
| of them. If the user tries to resolve a name of the form | the user tries to resolve a name of the form <namespace>.alt | |||
| <namespace>.alt without the <namespace> plugin installed, the | without the <namespace> plugin installed, the request will leak | |||
| request will leak into the DNS, and receive a negative response. | into the DNS, receive a negative response, and the resolution | |||
| will fail. | ||||
| 2. Writers of application software that implement a non-DNS | 2. Writers of application software that implement a non-DNS | |||
| namespace are expected to intercept names of the form | namespace are expected to intercept names of the form | |||
| <namespace>.alt and perform application specific handling with | <namespace>.alt and perform application specific handling with | |||
| them. Other applications are not intended to perform any special | them. Other applications are not required to perform any special | |||
| handling. | handling (but may choose to provide helpful informational messages | |||
| if able). | ||||
| 3. Writers of name resolution APIs and libraries which operate in | 3. Writers of name resolution APIs and libraries which operate in | |||
| the DNS context should not attempt to look these names up in the | the DNS context should not attempt to look these names up in the | |||
| DNS. If developers of other namespaces implement their namespace | DNS. If developers of other namespaces implement their namespace | |||
| through a "shim" or library, they will need to intercept and | through a "shim" or library, they will need to intercept and | |||
| perform their own handling. | perform their own handling. | |||
| 4. Caching DNS servers SHOULD recognize these names as special and | 4. Caching DNS servers SHOULD NOT recognize these names as special | |||
| SHOULD NOT, by default, attempt to look up NS records for them, | and should not perform any special handling with them. | |||
| or otherwise query authoritative DNS servers in an attempt to | ||||
| resolve these names. Instead, caching DNS servers SHOULD | ||||
| generate immediate negative responses for all such queries. | ||||
| 5. Authoritative DNS servers SHOULD recognize these names as special | 5. Authoritative DNS servers SHOULD NOT recognize these names as | |||
| and SHOULD, by default, generate immediate negative responses for | special and should not perform any special handling with them. | |||
| all such queries, unless explicitly configured by the | ||||
| administrator to give positive answers for private-address | ||||
| reverse-mapping names. | ||||
| 6. DNS server operators SHOULD be aware that queries for names | 6. DNS server operators SHOULD be aware that queries for names | |||
| ending in .alt are not DNS names, and were leaked into the DNS | ending in .alt are not DNS names, and were leaked into the DNS | |||
| context (for example, by a missing browser plugin). This | context (for example, by a missing browser plugin). This | |||
| information may be useful for support or debugging purposes. | information may be useful for support or debugging purposes. | |||
| 7. DNS Registries/Registrars MUST NOT grant requests to register | 7. DNS Registries/Registrars MUST NOT grant requests to register | |||
| "alt" names in the normal way to any person or entity. These | ".alt" names in the normal way to any person or entity. These | |||
| "alt" names are defined by protocol specification to be | ".alt" names are defined by protocol specification to be | |||
| nonexistent, and they fall outside the set of names available for | nonexistent, and they fall outside the set of names available for | |||
| allocation by registries/registrars. | allocation by registries/registrars. | |||
| 5. Security Considerations | [ Ed note: The above list (esp. 4 and 5) was changed between version | |||
| -07 and -08, and instruction to add .ALT to the "Locally Served | ||||
| Zones" registry was removed. This was in response to discussions in | ||||
| the DNSOP Interim Meeting (2017-02) and discussions on the DNSOP list | ||||
| on "correct" behavior of leaking .alt queries and the interaction | ||||
| with DNSSEC. This topic generated in excess of 160 dense emails, but | ||||
| the summary was that A: these are not DNS names (similar to | ||||
| .onion), and B: a delegation would need to be inserted in the ICANN/ | ||||
| IANA root zone in order to avoid SERVFAIL responses if this were | ||||
| added to "Locally Served". The consensus was that it is better to | ||||
| not request adding this to Locally Served (and so avoiding having to | ||||
| ask ICANN to create a process to create a "TLD" for the purposes of | ||||
| insecure delegation). ] | ||||
| 5. Privacy Considerations | ||||
| This document reserves ALT to be used to indicate that a name is not | ||||
| a DNS name, and so should not attempt to be resolved using the DNS. | ||||
| Unfortunately, these queries will undoubtedly leak into the DNS - for | ||||
| example, a user may receive an email containing a hostname which | ||||
| should be resolved using a specific resolution context (implemented | ||||
| by a specific application or resolution mechanism). If the user does | ||||
| not have that particular application installed (and their stub | ||||
| resolver library has not been updated to ignore queries for names | ||||
| ending in .alt), it is likely that this will instead be resolved | ||||
| using the DNS. This DNS query will likely be sent to the configured | ||||
| iterative resolver. If this resolver does not have a cache entry for | ||||
| this name (or, if the resolver implements | ||||
| [I-D.ietf-dnsop-nsec-aggressiveuse], an entry for .alt) this query | ||||
| will likely be sent to the DNS root servers. This exposes the | ||||
| (leaked) query name to the operator of the resolver, the operator of | ||||
| the queried DNS root server, and anyone watching queries along the | ||||
| path. This is a general problem with alternative name spaces and not | ||||
| confined to names ending in .alt. | ||||
| 6. Security Considerations | ||||
| One of the motivations for the creation of the .alt pseudo-TLD is | One of the motivations for the creation of the .alt pseudo-TLD is | |||
| that unmanaged labels in the managed root name space are subject to | that unmanaged labels in the managed root name space are subject to | |||
| unexpected takeover. This could occur if the manager of the root | unexpected takeover. This could occur if the manager of the root | |||
| name space decides to delegate the unmanaged label. Another | name space decides to delegate the unmanaged label. | |||
| motivation for implementing the .alt namespace to increase user | ||||
| privacy for those who do use alternate name resolution systems; it | ||||
| would limit how far these queries leak (e.g if used on a system which | ||||
| does not implement the alternate resolution system). | ||||
| The unmanaged and "registration not required" nature of labels | The unmanaged and "registration not required" nature of labels | |||
| beneath .alt provides the opportunity for an attacker to re-use the | beneath .alt provides the opportunity for an attacker to re-use the | |||
| chosen label and thereby possibly compromise applications dependent | chosen label and thereby possibly compromise applications dependent | |||
| on the special host name. | on the special host name. | |||
| 6. Acknowledgements | 7. Acknowledgements | |||
| We would also like to thank Joe Abley, Mark Andrews, Marc Blanchet, | We would like to thank Joe Abley, Mark Andrews, Marc Blanchet, John | |||
| John Bond, Stephane Bortzmeyer, David Cake, David Conrad, Patrik | Bond, Stephane Bortzmeyer, David Cake, David Conrad, Steve Crocker, | |||
| Faltstrom, Olafur Gudmundsson, Bob Harold, Paul Hoffman, Joel | Brian Dickson, Ralph Droms, Robert Edmonds, Patrik Faltstrom, Olafur | |||
| Jaeggli, Ted Lemon, Edward Lewis, George Michaelson, Ed Pascoe, | Gudmundsson, Bob Harold, Paul Hoffman, Joel Jaeggli, Ted Lemon, | |||
| Arturo Servin, and Paul Vixie for feedback. | Edward Lewis, John Levine, George Michaelson, Ed Pascoe, Jim Reid, | |||
| Arturo Servin, Paul Vixie, and Suzanne Woolf for feedback. | ||||
| Christian Grothoff was also very helpful. | Christian Grothoff was also very helpful. | |||
| 7. References | 8. References | |||
| 7.1. Normative References | 8.1. Normative References | |||
| [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", | |||
| STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, | STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, | |||
| <http://www.rfc-editor.org/info/rfc1034>. | <http://www.rfc-editor.org/info/rfc1034>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | |||
| RFC2119, March 1997, | RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| skipping to change at page 7, line 46 | skipping to change at page 8, line 9 | |||
| <http://www.rfc-editor.org/info/rfc6761>. | <http://www.rfc-editor.org/info/rfc6761>. | |||
| [RFC7686] Appelbaum, J. and A. Muffett, "The ".onion" Special-Use | [RFC7686] Appelbaum, J. and A. Muffett, "The ".onion" Special-Use | |||
| Domain Name", RFC 7686, DOI 10.17487/RFC7686, October | Domain Name", RFC 7686, DOI 10.17487/RFC7686, October | |||
| 2015, <http://www.rfc-editor.org/info/rfc7686>. | 2015, <http://www.rfc-editor.org/info/rfc7686>. | |||
| [RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS | [RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS | |||
| Terminology", RFC 7719, DOI 10.17487/RFC7719, December | Terminology", RFC 7719, DOI 10.17487/RFC7719, December | |||
| 2015, <http://www.rfc-editor.org/info/rfc7719>. | 2015, <http://www.rfc-editor.org/info/rfc7719>. | |||
| 7.2. Informative References | 8.2. Informative References | |||
| [Dingledine2004] | [Dingledine2004] | |||
| Dingledine, R., Mathewson, N., and P. Syverson, "Tor: The | Dingledine, R., Mathewson, N., and P. Syverson, "Tor: The | |||
| Second-Generation Onion Router", August 2004, | Second-Generation Onion Router", August 2004, | |||
| <https://svn.torproject.org/svn/projects/design-paper/ | <https://svn.torproject.org/svn/projects/design-paper/ | |||
| tor-design.html>. | tor-design.html>. | |||
| [I-D.ietf-dnsop-nsec-aggressiveuse] | ||||
| Fujiwara, K., Kato, A., and W. Kumari, "Aggressive use of | ||||
| DNSSEC-validated Cache", draft-ietf-dnsop-nsec- | ||||
| aggressiveuse-08 (work in progress), January 2017. | ||||
| [I-D.ietf-dnsop-sutld-ps] | [I-D.ietf-dnsop-sutld-ps] | |||
| Lemon, T., Droms, R., and W. Kumari, "Special-Use Names | Lemon, T., Droms, R., and W. Kumari, "Special-Use Names | |||
| Problem Statement", draft-ietf-dnsop-sutld-ps-00 (work in | Problem Statement", draft-ietf-dnsop-sutld-ps-02 (work in | |||
| progress), October 2016. | progress), January 2017. | |||
| Appendix A. Changes / Author Notes. | Appendix A. Changes / Author Notes. | |||
| [RFC Editor: Please remove this section before publication ] | [RFC Editor: Please remove this section before publication ] | |||
| From -07 to -08: | ||||
| o Made it clear that this is only for non-DNS. | ||||
| o As per Interim consensus, removed the "add this to local zones" | ||||
| text. | ||||
| o Added a Privacy Considerations section | ||||
| o Grammar fix -- "alternative" is more correct than "alternate", | ||||
| replaced. | ||||
| From -06 to -07: | From -06 to -07: | |||
| o Rolled up the GitHub releases into a full release. | o Rolled up the GitHub releases into a full release. | |||
| From -07.2 to -07.3 (GitHub point release): | From -07.2 to -07.3 (GitHub point release): | |||
| Removed 'sandbox' at Stephane's suggestion - https://www.ietf.org/ | Removed 'sandbox' at Stephane's suggestion - https://www.ietf.org/ | |||
| mail-archive/web/dnsop/current/msg18495.html | mail-archive/web/dnsop/current/msg18495.html | |||
| Suggested (in 4.1 bullet 3) that DNS libraries ignore these -- Bob | Suggested (in 4.1 bullet 3) that DNS libraries ignore these -- Bob | |||
| Harold - https://mailarchive.ietf.org/arch/msg/dnsop/ | Harold - https://mailarchive.ietf.org/arch/msg/dnsop/ | |||
| a_ruPf8osSzi_hCzCqOxYLXhYoA | a_ruPf8osSzi_hCzCqOxYLXhYoA | |||
| Added some pointers to the SUTLD document. | Added some pointers to the SUTLD document. | |||
| From -07.1 to -07.2 (Github point release): | From -07.1 to -07.2 (Github point release): | |||
| o Reverted the <TBD> string (at request of chairs). | o Reverted the <TBD> string (at request of chairs). | |||
| End of changes. 38 change blocks. | ||||
| 111 lines changed or deleted | 129 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
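The -08 text above asks two different parties to treat names ending in ".alt" differently: stub resolvers and application libraries (Section 4.1, bullets 1 to 3) should recognise them as non-DNS names and never send them to the DNS, while DNS server operators (bullet 6) should expect the queries that do leak and can use them for debugging. The following Python is an added illustration of both sides and is not code from the draft or from any named implementation. It assumes a hypothetical per-namespace handler registry on the client, a BIND-style query-log line shape on the operator side, and constructed log lines using documentation addresses and the draft's own "foo.alt" plus an invented "bar.alt"; per the -08 text, it deliberately adds no special handling to caching or authoritative servers.

```python
"""Added example (not part of the draft): a stub-resolver guard for names under
the ALT pseudo-TLD, and a scan of resolver query logs for leaked .alt queries."""
from collections import Counter
from typing import Callable, Dict, List, Optional
import re

ALT_LABEL = "alt"  # the reserved final label from the draft


def labels_of(name: str) -> List[str]:
    """Split a presentation-format name into labels, tolerating a trailing dot."""
    name = name.strip().rstrip(".")
    return name.split(".") if name else []


def is_alt_name(name: str) -> bool:
    """True when the final (rightmost) label is 'alt', compared case-insensitively.

    Matching is per label, so 'salt.example' or 'alt.example.com' do not match;
    only names whose last label is exactly 'alt' are treated as non-DNS names."""
    labels = labels_of(name)
    return bool(labels) and labels[-1].lower() == ALT_LABEL


def alt_namespace(name: str) -> Optional[str]:
    """The namespace label just left of .alt ('foo' for 'wiki.foo.alt'), or
    None when the name is not an ALT name or is the bare 'alt' label."""
    labels = labels_of(name)
    if not is_alt_name(name) or len(labels) < 2:
        return None
    return labels[-2].lower()


class NotADnsName(Exception):
    """Raised instead of sending an ALT name to the DNS."""


def resolve(name: str, dns_lookup: Callable[[str], str],
            handlers: Optional[Dict[str, Callable[[str], str]]] = None) -> str:
    """Stub-resolver front door (Section 4.1 bullets 1-3 of the -08 text).

    ALT names are dispatched to an application handler registered for their
    namespace label (a hypothetical registry, assumed by this example); they
    never reach dns_lookup. With no handler the call fails locally, so nothing
    leaks into the DNS. Every other name goes to dns_lookup unchanged."""
    handlers = handlers or {}
    if is_alt_name(name):
        handler = handlers.get(alt_namespace(name))
        if handler is None:
            raise NotADnsName(f"{name!r} is an ALT name with no local handler")
        return handler(name)
    return dns_lookup(name)


def leaks_to_dns(name: str,
                 handlers: Optional[Dict[str, Callable[[str], str]]] = None) -> bool:
    """Self-check: does resolving `name` through resolve() reach the DNS at all?"""
    contacted: List[str] = []

    def recording_lookup(qname: str) -> str:
        contacted.append(qname)
        return "192.0.2.1"  # documentation address, constructed answer

    try:
        resolve(name, recording_lookup, handlers)
    except NotADnsName:
        pass
    return bool(contacted)


# Operator side (Section 4.1 bullet 6): leaked .alt queries in a resolver's
# query log point at clients missing the plugin for a namespace. The line shape
# is an assumption modelled on BIND-style query logs; the lines are constructed.
LOG_RE = re.compile(
    r"client (?P<client>[^#\s]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")

SAMPLE_LOG = """\
client 192.0.2.10#53211: query: www.example.com IN A
client 192.0.2.10#53212: query: wiki.foo.alt IN A
client 192.0.2.11#40120: query: node7.bar.alt IN AAAA
client 192.0.2.12#40121: query: mail.example.net IN MX
client 192.0.2.10#53213: query: wiki.foo.alt. IN AAAA
client 192.0.2.13#40122: query: alt.example.org IN A
"""


def leaked_alt_queries(log_text: str) -> Counter:
    """Count leaked .alt queries keyed by (namespace, client address)."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and is_alt_name(m["qname"]):
            counts[(alt_namespace(m["qname"]), m["client"])] += 1
    return counts


if __name__ == "__main__":
    for (ns, client), n in sorted(leaked_alt_queries(SAMPLE_LOG).items()):
        print(f"{client} leaked {n} query/queries for namespace {ns!r}.alt")
```

The per-label comparison matters: a suffix test on the string ".alt" would also match a registered name such as "example.salt", while a test on the last label alone leaves "alt.example.org" (where "alt" is not the final label) to the DNS as the draft intends. The log scan groups by namespace and client so an operator can tell which machine lacks the plugin for which namespace, which is the support and debugging use the draft describes.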