Dbound BOF Agenda
IETF 89, London, UK

Co-chairs: Marc Blanchet and Olaf Kolkman
Mailing list: dbound@ietf.org

Agenda:
0. Administrivia, Chairs
1. Use Cases for the Public Suffix List, Gervase Markham
2. draft-pettersen-subtld-structure, Yngve Pettersen
3. draft-sullivan-domain-policy-authority, Andrew Sullivan
4. draft-levine-orgboundary, John Levine
5. Discussion on next steps, Chairs
   + RFC5434 questions such as:
     = problem statement clear? solvable?
     = work to be done in IETF? new/existing wg?
     = etc.

===========================================
CONTEXT INFO THAT LED TO THIS BOF
from: http://trac.tools.ietf.org/bof/trac/
===========================================

Name: Domain Boundaries (DBound)

Description:

Both users and applications make inferences from domain names, usually
in an effort to make some determination about identity or the correct
security stance to take. Such inferences, however, are usually based on
heuristics, rules of thumb, and large static lists describing parts of
the DNS name space. The inferences are used for several related but
different purposes:

  - establishing acceptable inter-domain cookie use
  - establishing relationships for TLS/SSL certificate issuance
  - display of domain names in URL bars in an effort to highlight
    phishing attempts
  - locating organizational policy documents (for DMARC) in the DNS
  - establishing "same origin" for acceptance of content
  - HSTS and public key pinning
  - linking domains for purposes of reporting

and so on.

The DNS root is expanding rapidly, and the existing mechanisms --
primarily the public suffix list (http://publicsuffix.org/) and related
systems -- are unlikely to be sustainable in the medium term. Most of
the existing mechanisms are managed semi-manually, and there are good
reasons to suppose that the limits of such management are either about
to be exceeded, or already have been.
Moreover, the existing mechanisms are made without regard to the
semantics of domain name boundaries, and sometimes miss subtle but
important parts of those semantics (in particular, the public suffix
list has sometimes failed to take into account so-called empty
non-terminals). Perhaps most importantly, the public suffix list puts
the control of policy assertions about a given name outside of the
control of the domain operator, and in the hands of the operator of the
list.

There have been some proposals to improve this state of affairs:

  - draft-levine-orgboundary-02
  - draft-pettersen-subtld-structure-09
  - draft-sullivan-domain-policy-authority-00

The purpose of this BoF is to identify as completely as we can the
cases in need of addressing, to identify the necessary lines of work to
address each case, and to determine whether there is sufficient
interest and energy to set up a working group to complete that work.

Discussion on this topic has heretofore been undertaken in the APPSAWG,
but that working group asked the participants to hold a BoF on this
subject to determine whether it ought to be undertaken in its own WG.

The responsible Area Director (AD): Barry Leiba / Pete Resnick
BoF Chairs: Olaf Kolkman <olaf@nlnetlabs.nl>,
            Marc Blanchet <marc.blanchet@viagenie.ca>
Number of people expected to attend: 50
Length of session (1, 1.5, 2, or 2.5 hours): 1.5
Conflicts to avoid (whole Areas and/or WGs): Applications, DNSOP,
  DNSSD, DNSE BOF
Does it require WebEX?: No
Does it require Meetecho?: No
Links to the mailing list, draft charter if any, relevant
Internet-Drafts, etc: draft-levine-orgboundary-02,
  draft-pettersen-subtld-structure-09,
  draft-sullivan-domain-policy-authority-00.
  This has been discussed in APPSAWG.