
GNUnet: IETF getting cold feet about P2P Names?

The GNUnet blog has this story about recent resistance from the IETF toward the standardization of "special use" domain names (such as .onion or .gnu) "to reduce the likelihood of ICANN accidentally creating a conflicting gTLD assignment."

Despite the provisions made in RFC 6761, the article notes that "there are also a number of DNS-centric people with a total lack of alacrity in the dnsop WG to continue to stall the process by repeating arguments that were exchanged dozens of times in hundreds of e-mails". Among those offering resistance, it reports, is Internet Architecture Board Chair Andrew Sullivan, who "says the IETF should not support special use domain names threatening the DNS business model".



What's the actual story here?

Posted Jul 24, 2015 22:31 UTC (Fri) by gdt (subscriber, #6284) [Link] (7 responses)

I would have hoped for slightly more background. The referenced webpage seems to advocate one position; part of LWN's strength is that it usually presents and weighs all of the positions.

What's the actual story here?

Posted Jul 25, 2015 6:36 UTC (Sat) by ebirdie (guest, #512) [Link] (1 responses)

This isn't a feature article, where researched arguments usually take place, but a news item raising an issue. I think LWN.net's news item made the positions quite clear. Should there be more than two positions or were you expecting more background on the 'DNS business model'?

However 'DNS business model' is an interesting argument worth more digging, I think, as it is used to overrule the RFC and .onion and .gnu as 'special use' cases, which do have their technical grounds for the 'special use'.

DNS business model ?

Posted Jul 25, 2015 10:06 UTC (Sat) by copsewood (subscriber, #199) [Link]

Can you imagine a business able to decide how much to remunerate its directors able to sell privileged access to international telephony dialling codes ? That one doesn't seem to follow the same political model - because the politically more mature, slower and more bureaucratic and consensual ITU didn't and wouldn't enable it.

Metcalfe's law only extends so far in this space given that the technical barriers to setting up an alternate DNS root containing much the same entries minus the blatant profit grab and patching a few operating systems to recognise this in preference to the current root don't seem insuperable, once ICANN's inherent corruption creates a tipping point.

What's the actual story here?

Posted Jul 26, 2015 1:01 UTC (Sun) by ncm (guest, #165) [Link] (4 responses)

After reading the links, I still can't say I have any coherent idea what either the story or the other comments are about. With so little background offered, it is hard to know why this story ran at all. I doubt it would take more than three or four sentences to give a sense of why we might need to know about this, and I think I would like to know. But I am not sure.

What's the actual story here?

Posted Jul 26, 2015 2:09 UTC (Sun) by drag (guest, #31333) [Link]

Sounds like people are worried that these 'P2P' TLDs would allow people to make domain names willy-nilly and do trademark violations. So somebody may want to make an anti-walmart site on 'walmart.onion' and there isn't anything Walmart would be able to do to take those domain names away. And then the domain register companies are only going to want to have TLDs where they can reserve the 'good' names and resell them to all the same companies that bought the same domain names on .net, .com, etc. It's like a mild form of extortion, which is the 'business model' they are talking about.

Personally I think the whole TLD thing is a freaking disaster. That and the central control and registration of domain names have led to censorship where governments can simply shut down domains they don't like. And security sucks, DNSSEC still has to catch on.

We need a widespread alternative name resolution system that is secure. If it's secure and distributed then you can also use that to put a stake through the heart of the certificate authority disaster.. another flawed system full of exploitation by corporations and is subject to widespread government manipulation.

What's the actual story here?

Posted Jul 28, 2015 0:44 UTC (Tue) by edmonds42 (guest, #42670) [Link] (2 responses)

There have been hundreds of messages to the IETF DNSOP WG mailing list recently about adding a number of domain names to the Special-Use Domain Names registry established by RFC 6761. This registry was initially created so that Apple's use of the ".local" TLD for Multicast DNS could be legitimated.

The author of this blog post is presumably GNUnet developer Christian Grothoff, who wrote a "P2P Names" Internet-Draft that would add ".gnu", ".zkey", ".onion", ".exit", and ".i2p" to the Special-Use Domain Names registry. This draft has languished for years but interest has recently picked up due to, for instance, the rollout of the ICANN New gTLD Program. Having a TLD on the Special-Use registry would prevent it from being delegated by ICANN in the root zone, possibly in a future new gTLD round. The RFC adding an entry to the Special-Use registry can also make recommendations to DNS software developers to generate "immediate negative responses", as is done for some zones like "10.in-addr.arpa". This could reduce the privacy impact of accidental "DNS leaks" for protocols like Tor if widely deployed.

Meanwhile, Facebook launched the Facebook-over-Tor project using the URL https://facebookcorewwwi.onion/, and they did so with a browser verifiable SSL certificate from a CA(!). Those kinds of certificates are currently issued under an "internal names loophole" that will expire later this year, unless ".onion" is added to the Special-Use registry. Alec Muffett of Facebook and Jacob Appelbaum of the Tor Project put forward a separate Internet-Draft adding just ".onion" to the Special-Use registry. This draft gained consensus, first as draft-appelbaum-dnsop-onion-tld, then as draft-ietf-dnsop-onion-tld after it was adopted by the DNSOP working group. It will most likely be published soon and thus cause ".onion" to be added to the Special-Use registry, before the CA/B Forum deadline. For further details about Facebook's involvement, see this DNSOP WG mailing list post from Alec Muffett.

Long-time IETF participant Ted Lemon described a probable reason that the original Grothoff draft with its bundle of five different Special-Use registrations failed to gain consensus:

The problem with draft-grothoff-- is not that the strings it proposes to standardize are unrelated. Whether they are related or not is immaterial. The problem is that there is more than one such string, and consensus depends on the least popular string listed. By separating out .onion, we give ourselves a better chance of actually getting consensus in the short term.

It could be that proponents for some of the other strings in draft-grothoff-- would prefer that onion not be separated out in hopes that this will make it more likely that the other strings mentioned in draft-grothoff-- can ride on the coattails of .onion, which seems like a shoo-in. However, anyone who thinks this has minimal experience with DNSOP. Such a belief would be overly optimistic. In fact, if there is anything that elicits strong objection, it will hold up the whole draft, no matter how much consensus there may be on the more popular names. This is precisely because we operate on the basis of rough consensus, not on the basis of popularity. So tacking something less popular onto something popular does not get the less popular thing support: it robs support from the more popular thing.

The four other proposals besides ".onion" were subsequently split out into separate drafts: draft-grothoff-iesg-special-use-p2p-i2p, draft-grothoff-iesg-special-use-p2p-gns, draft-grothoff-iesg-special-use-p2p-exit, and draft-grothoff-iesg-special-use-p2p-bit.

The proximate cause for the GNUnet blog post about the IETF "getting cold feet" appears to be comments Andrew Sullivan made at the microphone at the IETF-93 DNSOP WG meeting, which were recorded in the minutes as:

    Andrew Sullivan: Some of these are attacks on the way that the DNS works
        ...and thus a bad idea
        If you don't use the domain name space rules, you don't get a name
        Don't ask the IETF to help you compete with the DNS business model

He later clarified his remarks after the GNUnet blog post in a DNSOP WG mailing list post:

In the first place, the point I was trying to make in the "business model" remark is just this: some of the drafts trying to register special-use names that Christian Grothoff talked about hive out of the DNS uses of names that create a resolution system only in some special network context. So, just as local. marks something as to be looked up only with mDNS, onion. and exit. both mark something as to be looked up only under onion routing (or maybe, depending on your view, only using Tor). But others of these proposals, such as bit., mark out a name space and associated protocol that competes with the DNS. It is a fully parallel name resolution universe, applicable to absolutely any network application. My point was that the second class of these basically puts us in the position of approving a special-use registration that is effectively an attack on someone else's business model (ICANN's and that of the various registries and registrars). I believe that draws the IETF into a political battle for which it is unprepared, and that's really why I object to these registrations.
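The "immediate negative responses" behaviour and the "DNS leaks" it is meant to limit, both described in the comment above, can be sketched as follows. This is an added example, not code from the comment, the drafts, or any DNS implementation; the suffix set is the five names the comment lists for the "P2P Names" draft, and the log format, sample lines and function names are constructed for illustration.

```python
# Added example: the suffix set comes from the comment above; the query-log
# format ("timestamp client qname qtype") and the sample lines are constructed.
SPECIAL_USE = frozenset({"onion", "exit", "i2p", "gnu", "zkey"})

def labels(qname):
    """Lower-case a query name, drop the trailing root dot, split into labels."""
    name = qname.strip().lower().rstrip(".")
    return name.split(".") if name else []

def is_special_use(qname, suffixes=SPECIAL_USE):
    """True only when the rightmost label (the TLD) is a special-use name."""
    parts = labels(qname)
    return bool(parts) and parts[-1] in suffixes

def resolve(qname, forward):
    """Answer special-use names locally; forward everything else upstream."""
    if is_special_use(qname):
        return "NXDOMAIN", False      # immediate negative response, nothing sent upstream
    return forward(qname), True

def find_leaks(log_lines):
    """Return (client, qname) pairs for special-use names seen in a resolver query log."""
    leaks = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue                  # skip malformed lines
        _ts, client, qname, _qtype = fields[:4]
        if is_special_use(qname):
            leaks.append((client, qname))
    return leaks

SAMPLE_LOG = [                        # constructed sample input
    "2015-07-28T00:44:01Z 192.0.2.10 www.example.com. A",
    "2015-07-28T00:44:02Z 192.0.2.11 FacebookCoreWWWi.Onion. A",
    "2015-07-28T00:44:03Z 192.0.2.12 onion.example.org. AAAA",
    "2015-07-28T00:44:04Z 192.0.2.11 mail.example.i2p A",
    "truncated line",
]

if __name__ == "__main__":
    for client, qname in find_leaks(SAMPLE_LOG):
        print(f"leak: {client} asked the recursive resolver for {qname}")
```

Matching on the rightmost label only is what keeps `onion.example.org` out of the results while still catching mixed-case and fully qualified forms.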

What's the actual story here?

Posted Jul 28, 2015 16:35 UTC (Tue) by shmget (guest, #58347) [Link]

"My point was that the second class of these basically puts us in the position of approving a special-use registration that is effectively an attack on someone else's business model"

This is insane. IETF is not there to protect 'Business Model', by enforcing a monopoly, and making sure that no matter how corrupt such 'business' has become, it will persist by force rather than by merit.
This is akin to taking seriously arguments that one should not legalize drugs because it is an 'attack' on the business model of Drug Cartels...

What's the actual story here?

Posted Aug 3, 2015 15:44 UTC (Mon) by wtanksleyjr (subscriber, #74601) [Link]

+1, useful comment, thank you!

GNUnet: IETF getting cold feet about P2P Names?

Posted Jul 25, 2015 8:34 UTC (Sat) by kunitz (subscriber, #3965) [Link]

I don't think that the IETF should prefer one business model over the other.

A related Problem

Posted Jul 27, 2015 10:02 UTC (Mon) by giggls (subscriber, #48434) [Link] (9 responses)

A related Problem is the nonexistence of a unique TLD for internal use.

A related Problem

Posted Jul 27, 2015 12:52 UTC (Mon) by gerdesj (subscriber, #5446) [Link] (4 responses)

For "internal" use, you get to define exactly what DNS looks like from your perspective.

A related Problem

Posted Jul 27, 2015 15:40 UTC (Mon) by anselm (subscriber, #2796) [Link] (3 responses)

Yes, but there's always the risk that, soon after you have decided to use .quux as your internal TLD, ICANN will sell the official .quux TLD to someone. Next, public web sites like www.coolest-site-ever.quux will pop up, and users at your site would really like to use them but can't get at them.

A related Problem

Posted Jul 28, 2015 1:51 UTC (Tue) by edmonds42 (guest, #42670) [Link] (2 responses)

There's nothing intrinsic to split-horizon DNS that requires the separation point to occur at the root level. You could, for instance, register quux.com in the .com registry, and then make internal.quux.com the zone that can only be seen by internal clients. Or you could even serve different versions of the quux.com zone to different clients.

A related Problem

Posted Jul 29, 2015 8:26 UTC (Wed) by giggls (subscriber, #48434) [Link] (1 responses)

I know that this is the recommended way to go, but I consider it somewhat stupid to register a TLD for something which should be invisible from the Internet by design.

A related Problem

Posted Jul 30, 2015 15:14 UTC (Thu) by alonz (subscriber, #815) [Link]

Didn't you just write (in another comment) that not registering a TLD for internal use is the "stupid" option?

A related Problem

Posted Jul 27, 2015 17:52 UTC (Mon) by jch (guest, #51929) [Link] (2 responses)

There's .local for mDNS, and .test for normal DNS. The IETF Homenet WG is currently using .home for site-local names, but I don't think it's been registered yet.

The full set of registered special-use TLDs is on http://www.iana.org/assignments/special-use-domain-names/...

A related Problem

Posted Jul 29, 2015 8:23 UTC (Wed) by giggls (subscriber, #48434) [Link] (1 responses)

.test does not sound like something you would like to deploy inside a corporate network. Same goes for .invalid

.local is not an option anymore since it might interfere with mdns.

I think that not registering a domain and thus a namespace for internal use is simply stupid from a technical point of view.

Sven

A related Problem

Posted Jul 30, 2015 14:17 UTC (Thu) by kpfleming (subscriber, #23250) [Link]

It's unlikely that any person, or group of people, made an explicit decision that no such special-use name should be registered (ever). Rather, it's much more likely that nobody has proffered an I-D that would result in its registration and started the discussion. Since it does indeed seem like a good idea, and there's a fresh batch of drafts for single-name registrations, you could easily take one of those and modify it for 'internal'. and start the discussion.

A related Problem

Posted Aug 4, 2015 12:41 UTC (Tue) by gerv (guest, #3376) [Link]

There is some hope that .home and .corp will become these; they got put on hold in the new gTLD process because they are already used this way /de facto/ in many places. Someone needs to put forward an I-D...


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds