idnits 2.17.1 draft-ietf-dnsop-alt-tld-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 2 instances of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 5, 2015) is 3245 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 dnsop W. Kumari 3 Internet-Draft Google 4 Intended status: Informational A. Sullivan 5 Expires: December 7, 2015 Dyn 6 June 5, 2015 8 The ALT Special Use Top Level Domain 9 draft-ietf-dnsop-alt-tld-00 11 Abstract 13 This document reserves a string (ALT) to be used as a TLD label in 14 non-DNS contexts or for names that have no meaning in a global 15 context. It also provides advice and guidance to developers 16 developing alternate namespaces. 18 [ Ed note: This document lives in GitHub at: 19 https://github.com/wkumari/draft-wkumari-dnsop-alt-tld . Issues and 20 pull requests happily accpeted. ] 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on December 7, 2015. 39 Copyright Notice 41 Copyright (c) 2015 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 2 58 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 59 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 3. The ALT namespace . . . . . . . . . . . . . . . . . . . . . . 4 61 4. Advice to developers . . . . . . . . . . . . . . . . . . . . 6 62 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 63 5.1. Domain Name Reservation Considerations . . . . . . . . . 6 64 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 65 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 66 8. Normative References . . . . . . . . . . . . . . . . . . . . 8 67 Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8 68 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 70 1. Introduction 72 Many protocols and systems need to name entities. Names that look 73 like DNS names (a series of labels separated with dots) have become 74 common, even in systems that are not part of the global DNS. 76 This document provides a solution that may be more appropriate than 77 [RFC6761] in many cases. RFC6761 specifies Special Use TLDs which 78 should only be used in exceptional circumstances. 80 This document reserves the label "ALT" (short for "Alternate") as a 81 Special Use Domain ([RFC6761]). This label is intended to be used as 82 the final label (apart from the zero-length terminating label) to 83 signify that the name is not rooted in the DNS, and that normal 84 registration and lookup rules do not apply. 86 1.1. Requirements notation 88 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 89 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 90 document are to be interpreted as described in [RFC2119]. 92 1.2. Terminology 94 This document assumes familiarity with DNS terms and concepts. 95 Please see [RFC1034] for background and concepts. 97 o DNS context: The namespace anchored at the globally-unique DNS 98 root. This is the namespace or context that "normal" DNS uses. 100 o non-DNS context: Any other (alternate) namespace. 102 o pseudo-TLD: A label that appears in a fully-qualified domain name 103 in the position of a TLD, but which is not registered in the 104 global DNS. 106 o TLD: The last visible label in either a fully-qualified domain 107 name or a name that is qualified relative to the root. See the 108 discussion in Section 2. 110 2. Background 112 The DNS data model is based on a tree structure, and has a single 113 root. Conventionally, a name immediately beneath the root is called 114 a "Top Level Domain" or "TLD". TLDs usually delegate portions of 115 their namespace to others, who may then delegate further. The 116 hierarchical, distributed and caching nature of the DNS has made it 117 the primary resolution system on the Internet. 119 Domain names are terminated by a zero-length label, so the root label 120 is normally invisible. Truly fully-qualified names indicate the root 121 label explicitly, thus: "an.example.tld.". Most of the time, names 122 are written implicitly relative to the root, thus: "an.example.tld". 123 In both of these cases, the TLD is the last label that is visible in 124 presentation format -- in this example, the string "tld". (This 125 little bit of pedantry is here because, in different contexts, people 126 can use the term "fully-qualified domain name" to refer to either of 127 these uses.) It is worth noting that the root label is present in 128 the on-wire format of fully-qualified domain names, even if not 129 displayed in the presentation form. 131 The success of the DNS makes it a natural starting point for systems 132 that need to name entities in a non-DNS context, or that have no 133 unique meaning in a global context. These name resolutions, 134 therefore, occur in a namespace distinct from the DNS. 136 In many cases, these systems build a DNS-style tree parallel to the 137 global DNS administered by IANA. They often use a pseudo-TLD to 138 cause resolution in the alternate namespace, using browser plugins, 139 shims in the name resolution process, or simply applications that 140 perform special handling of this alternate namespace. 142 In many cases, the creators of these alternate namespaces have chosen 143 a convenient or descriptive string and started using it. These new 144 strings are "alternate" strings and are not registered anywhere or 145 part of the DNS. However they appear to be TLDs. Issues may arise 146 if they are looked up in the DNS. These include: 148 o User confusion: If someone emails a link of the form 149 foo.bar.pseudo-TLD to someone who does not have the necessary 150 software to resolve names in the pseudo-TLD namespace, the name 151 will not resolve and the user may become confused. 153 o Excess traffic hitting the DNS root: Lookups leak out of the 154 pseudo-TLD namespace and end up hitting the DNS root nameservers. 156 o Collisions: If the pseudo-TLD is eventually delegated from the 157 root zone the behavior may be non-deterministic. 159 o Lack of success for the user's original goal. 161 An alternate name resolution system might be specifically designed to 162 provide confidentiality of the looked up name, and to provide a 163 distributed and censorship resistant namespace. This goal would 164 necessarily be defeated if the queries leak into the DNS, because the 165 attempt to look up the name would be visible at least to the 166 operators of root name servers. 168 3. The ALT namespace 170 In order to avoid the above issues, we reserve the ALT label. Unless 171 the name desired is globally unique, has meaning on the global 172 context and is delegated in the DNS, it should be considered an 173 alternate namespace, and follow the ALT label scheme outlined below. 174 The ALT label MAY be used in any domain name as a pseudo-TLD to 175 signify that this is an alternate (non-DNS) namespace. 177 Alternate namespaces should differentiate themselves from other 178 alternate namespaces by choosing a name and using it in the label 179 position just before the pseudo-TLD (ALT). For example, a group 180 wishing to create a namespace for Friends Of Olaf might choose the 181 string "foo" and use any set of labels under foo.alt. 183 As they are in an alternate namespace, they have no significance in 184 the regular DNS context and so should not be looked up in the DNS 185 context. Unfortunately simply saying that "something should not 186 happen" doesn't actually stop it from happening, so we need some 187 rules to guide implementors and operators. The ALT TLD is delegated 188 to "new style" AS112 servers, and so recursive and stub resolvers 189 will get NXDOMAIN for all queries. 191 1. Iterative resolvers SHOULD follow the advice in [RFC6303], 192 Section 3. 194 2. The ALT TLD is delegated to "new style" AS112 nameservers 195 ([RFC7535] ), which will return NXDOMAIN for all queries. 197 These rules are intended to limit how far unintentional queries (i.e. 198 those not intended for the global DNS) flow. 200 Groups wishing to create new alternate namespaces SHOULD create their 201 alternate namespace under a label that names their namespace, and 202 under the ALT label. They SHOULD choose a label that they expect to 203 be unique and, ideally, descriptive. 205 Currently deployed projects and protocols that are using pseudo-TLDs 206 may decide to move under the ALT TLD, but this is not a requirement. 207 Rather, the ALT TLD is being reserved so that future projects of a 208 similar nature have a designated place to create alternate resolution 209 namespaces that will not conflict with the regular DNS context. 211 A number of names other than .ALT were considered and discarded. In 212 order for this technique to be effective the names need to continue 213 to follow both the DNS format and conventions (a prime consideration 214 for alternate name formats is that they can be entered in places that 215 normally take DNS context names); this rules out using suffixes that 216 do not follow the usual letter, digit, and hyphen label convention. 217 Another proposal was that the ALT TLD instead be a reservation under 218 .arpa. This was considered, but rejected for several reasons, 219 including: 221 1. We wished this to make it clear that this is not in the DNS 222 context, and .arpa clearly is. 224 2. The use of the string .ALT is intended to evoke the alt.* 225 hierarchy in Usenet. 227 3. We wanted the string to be short and easily used. 229 4. A name underneath .arpa would consume at least five additional 230 octets of the total 255 octets available in domain names, which 231 could put pressure on applications that need long machine- 232 generated names. 234 5. We are suggesting that the string .ALT get special treatment in 235 resolvers, and shim software. We are concerned that using 236 subdomains of an existing TLD (like .arpa) might end up with bad 237 implementations misconfiguring / overriding the TLD itself and 238 breaking .arpa. 240 There is a concern that if there were placed under .arpa, 241 inexperienced nameserver operators may inadvertently cover .arpa. A 242 more significant concern is that the scope of the issue if the query 243 does leak, and the fact that this would then make the root of the 244 alternate naming namespace a third level domain, and not a second 245 one. A project may be willing to have a name of the form 246 example.alt, but example.alt.arpa may be not look as good. 248 4. Advice to developers 250 Often, a subdomain of an existing, owned domain may suffice. When 251 that is so, using a subdomain in the DNS is always preferable, and 252 safest in terms of not risking misuse, duplications, or collisions. 253 In the rare instance in which it is not desirable to have the name in 254 the DNS, the .ALT namespace may be used. 256 In a number of cases the purpose of the alternate name resolution 257 system is to provide confidentiality. For these systems the above 258 advice is problematic. If the query for one of these names (for 259 example harry.foo.example.com were to leak into the DNS, the query 260 would hit the recursive resolver, and (assuming empty caches) would 261 then hit the root, the .com name servers, the example.com name 262 servers and then the foo.example.com nameservers. This means that 263 the fact that a user is resolving harry.foo.example.com would be 264 visible to a large number of people. Furthermore, the 265 harry.foo.example.com nameservers become a good oracle to determine 266 what names exist, and who is trying to reach them. 268 For projects that are very latency sensitive, or that desire to 269 provide confidentiality, we recommend anchoring the alternate 270 namespace under the .ALT TLD. 272 5. IANA Considerations 274 The IANA is requested to add the ALT string to the "Special-Use 275 Domain Name" registry ([RFC6761], and reference this document. In 276 addition, the "Locally Served DNS Zones" ([RFC6303]) registry should 277 be updated to reference this document. 279 5.1. Domain Name Reservation Considerations 281 This section is to satisfy the requirement in Section 5 of RFC6761. 283 The domain "alt.", and any names falling within ".alt.", are special 284 in the following ways: 286 1. Human users are expected to know that strings that end in .alt 287 behave differently to normal DNS names. Users are expected to 288 have applications running on their machines that intercept stings 289 of the form .alt and perform special handing of them. 291 If the user tries to resolve a name of the form .alt 292 without the plugin installed, the request will leak 293 into the DNS, and receive a negative response. 295 2. Writers of application software that implement a non-DNS 296 namespace are expected to intercept names of the form 297 .alt and perform application specific handing with 298 them. Other applications are not intended to perform any special 299 handing. 301 3. In general, writers of name resolution APIs and libraries do not 302 need to perform special handing of these names. If developers of 303 other namespaces implement their namespace through a "shim" or 304 library, they will need to intercept and perform their own 305 handling. 307 4. Caching DNS servers SHOULD recognize these names as special and 308 SHOULD NOT, by default, attempt to look up NS records for them, 309 or otherwise query authoritative DNS servers in an attempt to 310 resolve these names. Instead, caching DNS servers SHOULD 311 generate immediate negative responses for all such queries. 313 5. Authoritative DNS servers SHOULD recognize these names as special 314 and SHOULD, by default, generate immediate negative responses for 315 all such queries, unless explicitly configured by the 316 administrator to give positive answers for private-address 317 reverse-mapping names. 319 6. DNS server operators SHOULD be aware that queries for names 320 ending in .alt are not DNS names, and were leaked into the DNS 321 context (for example, by a missing browser plugin). This 322 information may be useful for support or debuggung purposes. 324 7. DNS Registries/Registrars MUST NOT grant requests to register 325 "alt" names in the normal way to any person or entity. These 326 "alt" names are defined by protocol specification to be 327 nonexistent, and they fall outside the set of names available for 328 allocation by registries/registrars. 330 6. Security Considerations 332 One of the motivations for the creation of the alt pseudo-TLD is that 333 unmanaged labels in the managed root name space are subject to 334 unexpected takeover if the manager of the root name space decides to 335 delegate the unmanaged label. 337 The unmanaged and "registration not required" nature of labels 338 beneath .ALT provides the opportunity for an attacker to re-use the 339 chosen label and thereby possibly compromise applications dependent 340 on the special host name. 342 7. Acknowledgements 344 The authors understand that there is much politics surrounding the 345 delegation of a new TLD and thank the ICANN liaison in advance. 347 We would also like to thank Joe Abley, Mark Andrews, Marc Blanchet, 348 John Bond, Stephane Bortzmeyer, David Cake, David Conrad, Patrik 349 Faltstrom, Olafur Gudmundsson, Paul Hoffman, Joel Jaeggli, Ted Lemon, 350 Edward Lewis, George Michaelson, Ed Pascoe, Arturo Servin, and Paul 351 Vixie for feedback. 353 8. Normative References 355 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 356 STD 13, RFC 1034, November 1987. 358 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 359 Requirement Levels", BCP 14, RFC 2119, March 1997. 361 [RFC6303] Andrews, M., "Locally Served DNS Zones", BCP 163, RFC 362 6303, July 2011. 364 [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", 365 RFC 6761, February 2013. 367 [RFC7535] Abley, J., Dickson, B., Kumari, W., and G. Michaelson, 368 "AS112 Redirection Using DNAME", RFC 7535, May 2015. 370 Appendix A. Changes / Author Notes. 372 [RFC Editor: Please remove this section before publication ] 374 From Individual-06 to DNSOP-00 376 o Nothing changed, simply renamed draft-wkumari-dnsop-alt-tld to 377 draft-ietf-dnsop-alt-tld 379 From -05 to -06 381 o Incorporated comments from a number of people, including a number 382 of suggestion heard at the IETF meeting in Dallas, and the DNSOP 383 Interim meeting in May, 2015. 385 o Removed the "Let's have an (optional) IANA registry for people to 386 (opportinistically) register their string, if they want that 387 option" stuff. It was, um, optional.... 389 From -04 to -05 391 o Went through and made sure that I'd captured the feedback 392 received. 394 o Comments from Ed Lewis. 396 o Filled in the "Domain Name Reservation Considerations" section of 397 RFC6761. 399 o Removed examples from .Onion. 401 From -03 to -04 403 o Incorporated some comments from Paul Hoffman 405 From -02 to -03 407 o After discussions with chairs, made this much more generic (not 408 purely non-DNS), and some cleanup. 410 From -01 to -02 412 o Removed some fluffy wording, tightened up the language some. 414 From -00 to -01. 416 o Fixed the abstract. 418 o Recommended that folk root their non-DNS namespace under a DNS 419 namespace that they control (Joe Abley) 421 Authors' Addresses 423 Warren Kumari 424 Google 425 1600 Amphitheatre Parkway 426 Mountain View, CA 94043 427 US 429 Email: warren@kumari.net 430 Andrew Sullivan 431 Dyn 432 150 Dow Street 433 Manchester, NH 03101 434 US 436 Email: asullivan@dyn.com