[Yeti DNS Discuss] [Experiment idea] DNAME from .local to AS112
paul at redbarn.org
Mon Apr 25 03:43:14 UTC 2016
Stephane Bortzmeyer wrote:
> On Fri, Apr 22, 2016 at 11:40:45PM +0800,
> Shane Kerr <shane at biigroup.cn> wrote
> a message of 30 lines which said:
>> Personally I think it is more important to keep with the *spirit* of
>> the Yeti policy, which I think is that we intend to work the same as
>> the IANA root from the end user point of view.
we did not describe the "spirit" which, i agree, is no production level
competition to the iana system of publication or allocation. what we
said was "there will be no amendments".
the people who would have to certify that we were acting within the
spirit of what we said at our outset would be the authority operators,
and the recursive operators, and somebody like the IETF. we can't be the
ones certifying that, or we'll be seen as the fox guarding the hen house.
> I fully agree. In my opinion, when we promised "we will respect the
> IANA name space", it clearly meant "we will not redelegate .com to
> someone else than Verisign and we will not add .amazon if it is not in
> the IANA root". Adding DNAME for non-existing TLD is not "an alternate
> name space".
what a name space is and what a domain name is, are currently being
argued. we can't presume upon the outcome of that argument. there's no
safe harbor in that argument for our possible use of .local or similar.
> Also, do note a very important point in the Internet-Draft: Yeti does
> not cherry-pick the TLD to delegate to AS112. We rely on a choice (the
> special-use domain registry) already sanctioned by IETF and recorded
> by IANA. Therefore, we will not have, inside Yeti, discussions about
> "should we also delegate .belkin or not?"
i know. but had we carved this out initially, i think public acceptance
of our experiment would have been lower, since we would have been seen
as more controversial. at any rate we must assume that this is possible
for some participants, and therefore, we must get their permission to
amend the namespace we're offering, or else, it must be exactly
equivalent to the IANA name space. all we change, today, is the apex NS
RR, and the DNSSEC keys and signatures and delegated signers. that must
not change without full public review equal to what we had before day 1.
ideally, IANA itself would publish an experimental zone containing new
AS112 delegations, after having been requested to do so by the IETF, and
we could just publish that zone, with our DNSSEC signatures. that's an
outcome worth working for, since it would help other experimenters also.
but, due to the "third rail" problem, i think it can't be done.