Ran Atkinson writes:
| The semantics of an FQDN is not crisp and clear
| these days as it once was.
Wow, your memory must be better than mine if you remember
crispness & clarity. :-)
| For example, www.cnn.com names a set of content
| rather than naming a single given host.
|
| Unicast ESP/AH SAs have to be between pairs of hosts.
It's down to what kind of "who" you want to represent;
I think it is reasonable to have more than one "who" namespace,
allowing one to find a particular application (the web server
that will cough up CNN's news, or the mail server that will
receive mail for Ran Atkinson) as well as a particular host.
This, moreover, makes application migration easier to deal with.
Again, the trick is to be able to do a symmetrical mapping
between "who-application" and "who-host".
Here's a question for you: given these two namespaces (one
being hypothetical), which one will find more common use by _you_?
| So FQDNs can't quite do the trick, even with DNSSEC
I think the argument goes that a DNS-like distributed database
is a good idea, and that the DNS can be munged into doing the
work initially without enormous effort. Yes, this means a
different namespace or two beyond the "IN" one, but is that a big deal?
| (NB: my analysis above assumes that DNSSEC is widely deployed
| and ubiquitously available; in the current reality of very limited
| DNSSEC deployment, things aren't quite as nice as what
| I outline above).
Well, so who wants to write a resolver that makes use of
Jon Crowcroft's idea on replacing the existing DNS lookup mechanism?
Sean.