What do people use public suffix for?

Jimmy Hess mysidia at gmail.com
Fri Apr 19 23:33:25 UTC 2013


On 4/19/13, Dave Crocker <dhc2 at dcrocker.net> wrote:
> On 4/19/2013 12:57 PM, Tony Finch wrote:
>> To reinforce Joe's point, there doesn't even need to be a zone cut for
>> there to be an administrative cut. There are various ISPs and dynamic DNS
>> providers that put all their users in the same zone, and the common
[snip]

In this case, there really is no administrative cut though... the
provider administers the DNS record.

> The fact that they often correlate moderately well makes it easy to miss
> the facts that a) that's not their job, and b) the correlation isn't
> perfect.  And the imperfections matter.

> That is why there is the current interest in developing a cheap,
> accurate method that /is/ intended to define organizational boundaries.


It seems this is more about providing a security function to DNS, to
inform the public about where the responsible parties change.

The right place for this is clearly the DNSSEC extensions....

If the DS record identifies a different signer, then you have an
administrative split,
or if the e-mail address field in the SOA fields of the parent zone
are different, then you have an administrative split, OR if one of the
two zones has RP (responsible party records), and the list of RP
records are different for the two zones, then you have an
administrative split.


If the DS record identifies the same signer, AND the e-mail
address in the SOA records is the same; or the list of e-mail
addresses in the two zones' RP records are identical,
then you don't have an administrative split.


--
-JH
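
The three comparisons described in the message above (DS signer, SOA e-mail field, RP lists), as an added example that is not part of the original post. ZoneInfo, its field names and the zone data are constructed for illustration; reading "same signer" as "a DS digest matches one of the parent's own keys" and letting any split condition win are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ZoneInfo:                           # hypothetical container, not a library type
    name: str
    soa_rname: str                        # e-mail (RNAME) field of the zone's SOA
    rp_mboxes: frozenset = frozenset()    # mailbox of each RP record in the zone
    key_digests: frozenset = frozenset()  # digests of the zone's own DNSKEYs

def _norm(name: str) -> str:
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def split_reasons(parent: ZoneInfo, child: ZoneInfo, ds_digests=frozenset()):
    """Return which of the three tests report an administrative split.

    ds_digests: digests in the DS RRset the parent publishes for the child.
    Assumption: "same signer" means a DS digest matches one of the parent's
    own keys; an unsigned delegation (no DS) yields no DS verdict.
    An empty result corresponds to "no administrative split".
    """
    reasons = []
    if ds_digests and not (set(ds_digests) & parent.key_digests):
        reasons.append("DS")
    if _norm(parent.soa_rname) != _norm(child.soa_rname):
        reasons.append("SOA")
    p_rp = {_norm(m) for m in parent.rp_mboxes}
    c_rp = {_norm(m) for m in child.rp_mboxes}
    if (p_rp or c_rp) and p_rp != c_rp:   # at least one zone has RP records
        reasons.append("RP")
    return reasons

# Constructed sample data (placeholder names and digests).
PROVIDER = ZoneInfo("example.net", "hostmaster.example.net.",
                    frozenset({"noc.example.net."}), frozenset({"aa11"}))
SAME_OPS = ZoneInfo("dyn.example.net", "Hostmaster.Example.NET",
                    frozenset({"noc.example.net"}), frozenset({"aa11"}))
CUSTOMER = ZoneInfo("cust.example.net", "admin.cust.example.net.",
                    frozenset(), frozenset({"bb22"}))

if __name__ == "__main__":
    for child, ds in ((SAME_OPS, {"aa11"}), (CUSTOMER, {"bb22"})):
        reasons = split_reasons(PROVIDER, child, ds)
        print(child.name, ("split via " + ", ".join(reasons)) if reasons else "no split")
```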