On Thu, Aug 17, 2023 at 10:35 PM Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
On Thu, Aug 17, 2023 at 09:31:42PM -0400, Theodore Ts'o wrote:
> > It should be possible to have an email contact address that never
> > expires. Yes, they blew it for SMTP...
That was me, you are quoting, not Ted. Ted said email forwarding...
Yeah, those are workarounds, they are not really robust or scalable. MIT will be around in 50 years but plenty of other colleges won't.
It doesn't cost much money to have your own domain, at least by
1st-world standards. You can pay to have it hosted by a series
of providers, making sure they provide working IMAP, so that
the mailbox can be moved to another.
$10 is a month's wages for many. And that is just for the name, no services. We have to design for global scale. But worse than the fact that it is $10/yr is that so much of that cost is the cost of dealing with all the dingdongs who spend their time trying to DDoS the root DNS and the major domains...
I want to own my name outright, not rent it.
I realise that self-hosting is no longer as practical as it used to be.
I am one of a diminishing community of holdouts.
You can host your own Mesh Service Provider and there is no penalty for doing so. The only hard requirement is you need a static IP address if you are going to be hosting a private DNS zone for the callsign.
And just having a portable callsign isn't enough, I do want portable
content.
Yup, you get that as well, all for your $0.10 one time fee.
The registration assertion for @victordukovni can include authoritative servers for the zone victordukovni.mm--
This is not ICANN DNS, and no, I am not paying a cent for the ICANN CEO yacht fund. This is outside ICANN control. But anyone can service the mm-- domain, they just generate a zone file from the Callsign registry log.
What this means is that there is no single point of attack as there is for .com.
The way I would see this used is that when you onboard a new IoT device to your personal mesh, you can assign it a local name. So if you buy an Internet connected blender, you plug it in, scan the QR code on the bottom with your phone, give it the local name 'blender' and now it can be reached at https://blender.victordukovni.mm--/
OK so what if you sell the callsign? Well you were the first registrant and so https://blender.victordukovni.mm--0/ will always resolve via the assertion specified in your personal mesh.
This does not solve every issue to do with content, it is providing a permanent means of labeling a resource which is only one aspect of that problem. It doesn't solve the problem of how to obtain a paper if the original publisher goes away. But it does solve the problem of how you give every device in your house a unique DNS name and globally unique IPv6 address (the callsign registry can hand out a sequential chunk of private IPv6 space to each registrant).
The DNS names and IP addresses are not routable through the normal approach, But they can easily be made so by publishing information from the callsign registry through the DNS.
Alice runs her entire personal network on statically assigned IPv6 addresses in her own allocation because the notion of changing IPv6 addresses inside the house because the ISP rolled the DHCP assignment is whackadoodle.
Alice's DNS resolver knows to give the private IP addresses to devices inside her network and her edge devices know to give the appropriate NAT translation.
Net effect is that Alice can have the benefits of an ASN assignment without the overhead.
