draft-ietf-dnsop-alt-tld-01.txt   draft-ietf-dnsop-alt-tld-02.txt 
dnsop W. Kumari dnsop W. Kumari
Internet-Draft Google Internet-Draft Google
Intended status: Informational A. Sullivan Intended status: Informational A. Sullivan
Expires: January 4, 2016 Dyn Expires: March 16, 2016 Dyn
July 3, 2015 September 13, 2015
The ALT Special Use Top Level Domain The ALT Special Use Top Level Domain
draft-ietf-dnsop-alt-tld-01 draft-ietf-dnsop-alt-tld-02
Abstract Abstract
This document reserves a string (ALT) to be used as a TLD label in This document reserves a string (ALT) to be used as a TLD label in
non-DNS contexts or for names that have no meaning in a global non-DNS contexts or for names that have no meaning in a global
context. It also provides advice and guidance to developers context. It also provides advice and guidance to developers
developing alternate namespaces. developing alternate namespaces.
[ Ed note: This document lives in GitHub at: [ Ed note: This document lives in GitHub at:
https://github.com/wkumari/draft-wkumari-dnsop-alt-tld . Issues and https://github.com/wkumari/draft-wkumari-dnsop-alt-tld . Issues and
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2016. This Internet-Draft will expire on March 16, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 16 skipping to change at page 2, line 16
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements notation . . . . . . . . . . . . . . . . . . 2 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 2
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The ALT namespace . . . . . . . . . . . . . . . . . . . . . . 4 3. The ALT namespace . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Choice of the ALT Name . . . . . . . . . . . . . . . . . 5
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
4.1. Domain Name Reservation Considerations . . . . . . . . . 6 4.1. Domain Name Reservation Considerations . . . . . . . . . 6
5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
7. Normative References . . . . . . . . . . . . . . . . . . . . 7 7. Normative References . . . . . . . . . . . . . . . . . . . . 8
Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8 Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
Many protocols and systems need to name entities. Names that look Many protocols and systems need to name entities. Names that look
like DNS names (a series of labels separated with dots) have become like DNS names (a series of labels separated with dots) have become
common, even in systems that are not part of the global DNS. common, even in systems that are not part of the global DNS
administered by IANA.
This document provides a solution that may be more appropriate than This document provides a solution that may be more appropriate than
[RFC6761] in many cases. [RFC6761] in many cases.
This document reserves the label "ALT" (short for "Alternate") as a This document reserves the label "ALT" (short for "Alternate") as a
Special Use Domain ([RFC6761]). This label is intended to be used as Special Use Domain ([RFC6761]). This label is intended to be used as
the final label (apart from the zero-length terminating label) to the final label to signify that the name is not rooted in the DNS,
signify that the name is not rooted in the DNS, and that normal and that normal registration and lookup rules do not apply.
registration and lookup rules do not apply.
1.1. Requirements notation 1.1. Requirements notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
This document assumes familiarity with DNS terms and concepts. This document assumes familiarity with DNS terms and concepts.
skipping to change at page 3, line 41 skipping to change at page 3, line 44
can use the term "fully-qualified domain name" to refer to either of can use the term "fully-qualified domain name" to refer to either of
these uses.) It is worth noting that the root label is present in these uses.) It is worth noting that the root label is present in
the on-wire format of fully-qualified domain names, even if not the on-wire format of fully-qualified domain names, even if not
displayed in the presentation form. displayed in the presentation form.
The success of the DNS makes it a natural starting point for systems The success of the DNS makes it a natural starting point for systems
that need to name entities in a non-DNS context, or that have no that need to name entities in a non-DNS context, or that have no
unique meaning in a global context. These name resolutions, unique meaning in a global context. These name resolutions,
therefore, occur in a namespace distinct from the DNS. therefore, occur in a namespace distinct from the DNS.
In many cases, these systems build a DNS-style tree parallel to the In many cases, these systems build a DNS-style tree parallel to, but
global DNS administered by IANA. They often use a pseudo-TLD to separate from, the global DNS. They often use a pseudo-TLD to cause
cause resolution in the alternate namespace, using browser plugins, resolution in the alternate namespace, using browser plugins, shims
shims in the name resolution process, or simply applications that in the name resolution process, or simply applications that perform
perform special handling of this alternate namespace. special handling of this particular alternate namespace.
In many cases, the creators of these alternate namespaces have chosen In many cases, the creators of these alternate namespaces have chosen
a convenient or descriptive string and started using it. These new a convenient or descriptive string and started using it. These new
strings are "alternate" strings and are not registered anywhere or strings are "alternate" strings and are not registered anywhere or
part of the DNS. However they appear to be TLDs. Issues may arise part of the DNS. However they appear to users and to some
if they are looked up in the DNS. These include: applications to be TLDs. Issues may arise if they are looked up in
the DNS. These include:
o User confusion: If someone emails a link of the form o User confusion: If someone emails a link of the form
foo.bar.pseudo-TLD to someone who does not have the necessary foo.bar.pseudo-TLD to someone who does not have the necessary
software to resolve names in the pseudo-TLD namespace, the name software to resolve names in the pseudo-TLD namespace, the name
will not resolve and the user may become confused. will not resolve and the user may become confused.
o Excess traffic hitting the DNS root: Lookups leak out of the o Excess traffic hitting the DNS root: Lookups leak out of the
pseudo-TLD namespace and end up hitting the DNS root nameservers. pseudo-TLD namespace and end up hitting the DNS root nameservers.
o Collisions: If the pseudo-TLD is eventually delegated from the o Collisions: If the pseudo-TLD is eventually delegated from the
root zone the behavior may be non-deterministic. root zone, the lookup behavior will change in a non-deterministic
fashion.
o Lack of success for the user's original goal. o Lack of success for the user's original goal.
An alternate name resolution system might be specifically designed to An alternate name resolution system might be specifically designed to
provide confidentiality of the looked up name, and to provide a provide confidentiality of the looked up name, and to provide a
distributed and censorship resistant namespace. This goal would distributed and censorship-resistant namespace. This goal would
necessarily be defeated if the queries leak into the DNS, because the necessarily be defeated if the queries leak into the DNS, because the
attempt to look up the name would be visible at least to the attempt to look up the name would be visible at least to the
operators of root name servers. operators of root name servers and to any entity viewing the DNS
lookups going to the root nameservers.
3. The ALT namespace 3. The ALT namespace
In order to avoid the above issues, we reserve the ALT label. Unless In order to avoid the above issues, we reserve the ALT label. Unless
the name desired is globally unique, has meaning on the global the name desired is globally unique, has meaning on the global
context and is delegated in the DNS, it should be considered an context and is delegated in the DNS, it should be considered an
alternate namespace, and follow the ALT label scheme outlined below. alternate namespace, and follow the ALT label scheme outlined below.
The ALT label MAY be used in any domain name as a pseudo-TLD to The ALT label MAY be used in any domain name as a pseudo-TLD to
signify that this is an alternate (non-DNS) namespace. signify that this is an alternate (non-DNS) namespace.
skipping to change at page 5, line 6 skipping to change at page 5, line 13
namespace resolution), and so the ALT TLD has been added to the namespace resolution), and so the ALT TLD has been added to the
"Locally Served DNS Zones" ( [RFC6303]) registry to limit how far "Locally Served DNS Zones" ( [RFC6303]) registry to limit how far
these flow. these flow.
Groups wishing to create new alternate namespaces SHOULD create their Groups wishing to create new alternate namespaces SHOULD create their
alternate namespace under a label that names their namespace, and alternate namespace under a label that names their namespace, and
under the ALT label. They SHOULD choose a label that they expect to under the ALT label. They SHOULD choose a label that they expect to
be unique and, ideally, descriptive. There is no IANA controlled be unique and, ideally, descriptive. There is no IANA controlled
registry for names under the ALT TLD - it is an unmanaged namespace, registry for names under the ALT TLD - it is an unmanaged namespace,
and developers are responsible for dealing with any collisions that and developers are responsible for dealing with any collisions that
may occur under .alt. may occur under .alt. Informal lists of namespaces under .alt may
appear to assist the developer community.
[Editor note (to be removed before publication): There was [Editor note (to be removed before publication): There was
significant discussion on an IANA registry for .ALT - please consult significant discussion on an IANA registry for the ALT namespace -
the lists for full thread, but the consensus seems to be that it please consult the lists for full thread, but the consensus seems to
would be better for the IETF / IANA to not administer a registry for be that it would be better for the IETF / IANA to not administer a
this. It is expected one or more unofficial lists will be created registry for this. It is expected one or more unofficial lists will
where people can list the strings that they are using. ] be created where people can list the strings that they are using. ]
Currently deployed projects and protocols that are using pseudo-TLDs Currently deployed projects and protocols that are using pseudo-TLDs
may decide to move under the ALT TLD, but this is not a requirement. may decide to move under the ALT TLD, but this is not a requirement.
Rather, the ALT TLD is being reserved so that future projects of a Rather, the ALT TLD is being reserved so that current and future
similar nature have a designated place to create alternate resolution projects of a similar nature have a designated place to create
namespaces that will not conflict with the regular DNS context. alternate resolution namespaces that will not conflict with the
regular DNS context.
A number of names other than .ALT were considered and discarded. In 3.1. Choice of the ALT Name
A number of names other than "ALT" were considered and discarded. In
order for this technique to be effective the names need to continue order for this technique to be effective the names need to continue
to follow both the DNS format and conventions (a prime consideration to follow both the DNS format and conventions (a prime consideration
for alternate name formats is that they can be entered in places that for alternate name formats is that they can be entered in places that
normally take DNS context names); this rules out using suffixes that normally take DNS context names); this rules out using suffixes that
do not follow the usual letter, digit, and hyphen label convention. do not follow the usual letter, digit, and hyphen label convention.
Another proposal was that the ALT TLD instead be a reservation under Another proposal was that the ALT TLD instead be a reservation under
.arpa. This was considered, but rejected for several reasons, .arpa. This was considered, but rejected for several reasons,
including: including:
1. We wished this to make it clear that this is not in the DNS 1. We wished this to make it clear that this is not in the DNS
context, and .arpa clearly is. context, and .arpa clearly is.
2. The use of the string .ALT is intended to evoke the alt.* 2. The use of the string .alt is intended to evoke the alt.*
hierarchy in Usenet. hierarchy in Usenet.
3. We wanted the string to be short and easily used. 3. We wanted the string to be short and easily used.
4. A name underneath .arpa would consume at least five additional 4. A name underneath .arpa would consume at least five additional
octets of the total 255 octets available in domain names, which octets of the total 255 octets available in domain names, which
could put pressure on applications that need long machine- could put pressure on applications that need long machine-
generated names. generated names.
5. We are suggesting that the string .ALT get special treatment in 5. We are suggesting that the string "ALT" get special treatment in
resolvers, and shim software. We are concerned that using resolvers, and shim software. We are concerned that using
subdomains of an existing TLD (like .arpa) might end up with bad subdomains of an existing TLD (like .arpa) might end up with bad
implementations misconfiguring / overriding the TLD itself and implementations misconfiguring / overriding the TLD itself and
breaking .arpa. breaking .arpa.
There is a concern that if there were placed under .arpa, There is a concern that if there were placed under .arpa,
inexperienced nameserver operators may inadvertently cover .arpa. A inexperienced nameserver operators may inadvertently cover .arpa. A
more significant concern is that the scope of the issue if the query more significant concern is that the scope of the issue if the query
does leak, and the fact that this would then make the root of the does leak, and the fact that this would then make the root of the
alternate naming namespace a third level domain, and not a second alternate naming namespace a third level domain, and not a second
skipping to change at page 7, line 27 skipping to change at page 7, line 42
allocation by registries/registrars. allocation by registries/registrars.
5. Security Considerations 5. Security Considerations
One of the motivations for the creation of the alt pseudo-TLD is that One of the motivations for the creation of the alt pseudo-TLD is that
unmanaged labels in the managed root name space are subject to unmanaged labels in the managed root name space are subject to
unexpected takeover if the manager of the root name space decides to unexpected takeover if the manager of the root name space decides to
delegate the unmanaged label. delegate the unmanaged label.
The unmanaged and "registration not required" nature of labels The unmanaged and "registration not required" nature of labels
beneath .ALT provides the opportunity for an attacker to re-use the beneath .alt provides the opportunity for an attacker to re-use the
chosen label and thereby possibly compromise applications dependent chosen label and thereby possibly compromise applications dependent
on the special host name. on the special host name.
6. Acknowledgements 6. Acknowledgements
The authors understand that there is much politics surrounding the The authors understand that there is much politics surrounding the
delegation of a new TLD and thank the ICANN liaison in advance. delegation of a new TLD and thank the ICANN liaison in advance.
We would also like to thank Joe Abley, Mark Andrews, Marc Blanchet, We would also like to thank Joe Abley, Mark Andrews, Marc Blanchet,
John Bond, Stephane Bortzmeyer, David Cake, David Conrad, Patrik John Bond, Stephane Bortzmeyer, David Cake, David Conrad, Patrik
Faltstrom, Olafur Gudmundsson, Paul Hoffman, Joel Jaeggli, Ted Lemon, Faltstrom, Olafur Gudmundsson, Paul Hoffman, Joel Jaeggli, Ted Lemon,
Edward Lewis, George Michaelson, Ed Pascoe, Arturo Servin, and Paul Edward Lewis, George Michaelson, Ed Pascoe, Arturo Servin, and Paul
Vixie for feedback. Vixie for feedback.
7. Normative References 7. Normative References
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987. STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987,
<http://www.rfc-editor.org/info/rfc1034>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC6303] Andrews, M., "Locally Served DNS Zones", BCP 163, RFC [RFC6303] Andrews, M., "Locally Served DNS Zones", BCP 163, RFC
6303, July 2011. 6303, DOI 10.17487/RFC6303, July 2011,
<http://www.rfc-editor.org/info/rfc6303>.
[RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names",
RFC 6761, February 2013. RFC 6761, DOI 10.17487/RFC6761, February 2013,
<http://www.rfc-editor.org/info/rfc6761>.
Appendix A. Changes / Author Notes. Appendix A. Changes / Author Notes.
[RFC Editor: Please remove this section before publication ] [RFC Editor: Please remove this section before publication ]
From -01 to -02:
o Merged a bunch of changes from Paul Hoffman. Thanks for sending a
git pull.
From -00 to 01: From -00 to 01:
o Removed the "delegated to new style AS112 servers" text -this was o Removed the "delegated to new style AS112 servers" text -this was
legacy from the omnicient AS112 days. (Joe Abley) legacy from the omnicient AS112 days. (Joe Abley)
o Removed the "Advice to implemntors" section. This used to o Removed the "Advice to implemntors" section. This used to
recommend that people used a subdomain of a domain in the DNS. It recommend that people used a subdomain of a domain in the DNS. It
was pointed out that this breaks things badly if the domain was pointed out that this breaks things badly if the domain
expires. expires.
 End of changes. 26 change blocks. 
37 lines changed or deleted 56 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/