Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet?

Warren Kumari <warren@kumari.net> Tue, 02 October 2012 21:27 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB39121F8448 for <dane@ietfa.amsl.com>; Tue, 2 Oct 2012 14:27:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.999
X-Spam-Level:
X-Spam-Status: No, score=-101.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_57=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AjHLT6X80drC for <dane@ietfa.amsl.com>; Tue, 2 Oct 2012 14:27:51 -0700 (PDT)
Received: from vimes.kumari.net (smtp1.kumari.net [204.194.22.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2198521F84F9 for <dane@ietf.org>; Tue, 2 Oct 2012 14:27:51 -0700 (PDT)
Received: from [192.168.194.120] (216-239-44-65.google.com [216.239.44.65]) by vimes.kumari.net (Postfix) with ESMTPSA id 571ED1B4041C; Tue, 2 Oct 2012 17:27:50 -0400 (EDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 6.1 \(1498\))
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <E10582EC-9BFC-46D7-973F-15CDF45AC89B@danyork.org>
Date: Tue, 02 Oct 2012 17:27:47 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <9AC8675C-22B6-4502-9E00-FB51B9D36F34@kumari.net>
References: <BD9F1901-911A-49EB-9390-B18D8A9D0B30@nic.cz> <FBCB9053-91C3-4EBC-874E-97067A922E49@nic.cz> <C73CE37F-C34D-4824-AF11-D03F14AE3015@kumari.net> <15ED757A-9B2F-45CD-A1B6-0A0C8DFC2397@danyork.org> <76960946-F768-422B-A76A-17D951D29C8C@vpnc.org> <F18CD53D-8F98-409F-881C-EC56824931C4@danyork.org> <2931E1FC-20D3-4045-9146-368D3AC9D989@vpnc.org> <E10582EC-9BFC-46D7-973F-15CDF45AC89B@danyork.org>
To: Dan York <dan-ietf@danyork.org>
X-Mailer: Apple Mail (2.1498)
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dane WG list <dane@ietf.org>
Subject: Re: [dane] Deployment focus? Re: IETF 85 - meet or not to meet?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2012 21:27:52 -0000

On Oct 2, 2012, at 3:34 PM, Dan York <dan-ietf@danyork.org> wrote:

> Paul,
> 
> On Oct 1, 2012, at 11:52 AM, Paul Hoffman wrote:
> 
>> On Oct 1, 2012, at 8:07 AM, Dan York <dan-ietf@danyork.org> wrote:
>> 
>>> Certainly ISOC *could* hold a meeting to discuss how to get DANE more widely deployed ... and the people that would need to be at that meeting would be, well, probably pretty much many of the people who would be at the DANE working group meeting at IETF! 
>> 
>> We fully disagree there. Protocol developers are often not protocol deployers. For example, I do not contribute to DNS server or DNS admin projects; the same would be true for the large majority of the people who contributed ideas and comments to the DANE protocol.
>> 
>> ISOC could pull together a meeting of such protocol deployers, as well as enterprises who might find DANE useful, and I suspect the overlap between people at that meeting and the last DANE WG meeting would be very small.
> 
> Sigh... I will have to confess that you are probably on target here, particularly as no one else has chimed in on this general thread in the last 24 hours. 
> 
> And thus we continue with the challenge that we in the IETF typically define something as "done" when "the protocol is defined" and not when "people can actually use the protocol".  
> 
> Here we have this truly awesome piece of work, DANE, and here it will linger in limbo until eventually maybe someday someone somewhere can implement it in some fashion that some people can use in some way.
> 
> Certainly I can - and will - do everything I can both personally and within ISOC's various means to get people talking about DANE and moving toward deployment.  Within the Deploy360 Programme, we've been talking to a good number of people about how to advance the advocacy and promotion of DNSSEC... and we have been planning to incorporate DANE into that effort.  But as much as we can do, we're still one organization - or even a group of organizations and companies.  We need many more people involved.
> 
> I know you may not think of yourself as a "protocol deployer", Paul, but I would argue that we do need everyone on this list thinking about how we can get DANE deployed.
> 
> DANE is far too awesome - and far too powerful - to let it linger in limbo.

Thanks, we are glad you like it :-)

More seriously though, this is yet another chicken-and-egg problem…

In this particular case I think that the easiest / fastest way to get better deployment is to convince the browser manufactures to include support for DANE -- this will incentivize[0] folk to deploy records…

W

[0]: Whoohoo, "incentivize" !
> 
> My 2 cents,
> Dan
> 
> -- 
> Dan York  dyork@lodestar2.com
> http://www.danyork.me/   skype:danyork
> Phone: +1-802-735-1624
> Twitter - http://twitter.com/danyork
> 
> 
> 
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane