IETF Logo Mail Archive

Re: [dd] [Ext] starting charter text for the DELEG BOF discussion

Edward Lewis <edward.lewis@icann.org> Tue, 19 March 2024 12:34 UTC

Return-Path: <edward.lewis@icann.org>
X-Original-To: dd@ietfa.amsl.com
Delivered-To: dd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84A2AC14F68A for <dd@ietfa.amsl.com>; Tue, 19 Mar 2024 05:34:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.907
X-Spam-Level:
X-Spam-Status: No, score=-6.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T9wZZtk3A_wM for <dd@ietfa.amsl.com>; Tue, 19 Mar 2024 05:34:33 -0700 (PDT)
Received: from ppa3.lax.icann.org (ppa3.lax.icann.org [192.0.33.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAB1DC14F5F4 for <dd@ietf.org>; Tue, 19 Mar 2024 05:34:33 -0700 (PDT)
Received: from MBX112-E2-VA-2.pexch112.icann.org (out.mail.icann.org [64.78.48.206]) by ppa3.lax.icann.org (8.17.1.24/8.17.1.24) with ESMTPS id 42JCYVWB011381 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 19 Mar 2024 12:34:32 GMT
Received: from MBX112-E2-VA-1.pexch112.icann.org (10.217.41.128) by MBX112-E2-VA-2.pexch112.icann.org (10.217.41.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Tue, 19 Mar 2024 08:34:30 -0400
Received: from MBX112-E2-VA-1.pexch112.icann.org ([10.217.41.128]) by MBX112-E2-VA-1.pexch112.icann.org ([10.217.41.128]) with mapi id 15.02.1258.028; Tue, 19 Mar 2024 08:34:30 -0400
From: Edward Lewis <edward.lewis@icann.org>
To: Wes Hardaker <wjhns1@hardakers.net>, "dd@ietf.org" <dd@ietf.org>
Thread-Topic: [Ext] [dd] starting charter text for the DELEG BOF discussion
Thread-Index: AQHabOHOZQ8sho1aWECm6xw308438LE/Gc8A
Date: Tue, 19 Mar 2024 12:34:30 +0000
Message-ID: <D3E1CFCD-D078-42AB-9049-08BE5D7968FF@icann.org>
References: <yblbk7wl65k.fsf@wx.hardakers.net>
In-Reply-To: <yblbk7wl65k.fsf@wx.hardakers.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.65.22091101
x-originating-ip: [192.0.47.234]
x-source-routing-agent: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <23B7BB30649FC5438E27DC6373DCDF17@pexch112.icann.org>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-19_02,2024-03-18_03,2023-05-22_02
Archived-At: <https://mailarchive.ietf.org/arch/msg/dd/ejrDntixQDOcmmEso_0BOq3erBM>
Subject: Re: [dd] [Ext] starting charter text for the DELEG BOF discussion
X-BeenThere: dd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DNS Delegation <dd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dd>, <mailto:dd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dd/>
List-Post: <mailto:dd@ietf.org>
List-Help: <mailto:dd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dd>, <mailto:dd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2024 12:34:37 -0000

Having read the ensuing thread, I'm coming back to the start.

First question - will a revised proposed charter be posted to the list?  Might be good to discuss again, post-bof.

Some comments on this: I think the term "registry" ought to be avoided - it puts emphasis on the current registration system model driving the Internet as we know it, as opposed to the finer points of the DNS protocol.  To this point - it's not that the registries couldn't provide more information, it's that the protocol limited what was specified, leaving much to assumed, have-to-be-hard-coded parameters.

DELEG is a replacement mechanism for delegating the name space.  What we have now (NS) is weak and is an operational nightmare (dual NS sets at cut point/apex).  We can improve it by, to start with, using the information collected and maintained to run the DNS and include that information as run-time parameters as opposed to compile-time parameters.  DELEG can help eliminate confusion over delegation points and differentiate between the kinds of delegations.

My suggestion is that the charter reflect more the impact on the protocol we now run over port 53 (or that other one for DoT) and less on the how the top-level registration system has evolved.  There's already been posts noting the registries below the TLD registries.  Beyond that substructure, DELEG will have to support other ways the name space has been carved up as well.  DELEG needs to solve for more than the TLD use case.

On 3/2/24, 15:40, "dd on behalf of Wes Hardaker" <dd-bounces@ietf.org on behalf of wjhns1@hardakers.net> wrote:


    Greetings all,

    Your BOF chairs have worked on starting text for a potential charter based on the discussions to date.  Clearly, this is starting text and deserves discussion both on the list and in the BOF. We look forward to the upcoming BOF and from hearing from everyone's opinions on this starting point for a charter.

    ----------


    # Background and Problem Space

    The DNS protocol has traditionally had limited ability to signal to recursive resolvers about the capabilities of authoritative servers they communicate with.
    In part, this stems from the inability of parents (often registries) to specify additional information about child delegations (often registrants) beyond NS, DS, and glue records.
    Further complicating matters is the inability of a registrant to signal that the operation of a delegation point is being outsourced to a different operator, leaving a challenge when operators need to update parental information that is only in the control of the child.
    A significant issue in today's deployed DNS that derives from these issues is data often being out of synchronization between parents and children. Said another way, children often have more up-to-date information about the nameservers and DNSSEC keying information than their parents due to slowness, or complete lack, of automated child-to-parent updates.

    The Internet's dependence on the DNS as a critical starting point for most communication has resulted in the development of a complex ecosystem that consists of many different parties, business relationships, and software packages.
    Software deployments exist in environments that range from small CPE devices and software packages to entire clusters of world-wide distributed server platforms.

    # Objective and Scope

    To address these challenges, the working group will first develop the requirements for adding a new signaling mechanism that allows parents to return DNS delegation information to resolvers.

    The working group will also list the other types of information not available today that might be be provided over a designed signaling mechanism.

    The working group will then define the semantics of a new signaling mechanism, taking future extensibility into account.

    The first use case for this DNS delegation signalling mechanism is expected to be delegation aliasing, where the parent returns a pointer to service provider that will then return the needed delegation information.
    This use case has been discussed for many years in the DNSOP and other Working Groups.

    The working group will only specify extensions to the DNS protocol that relate to delegation.

    # Deliverables

    - A document listing the consensus-derived requirements for a new signaling mechanism between a parent and a resolver about communication parameters available for communicating with a delegated child.
    This need not be published as an RFC and may remain as an Internet-draft.

    - A document listing, and ideally prioritizing, new delegation attributes to be distributed from parents that would benefit resolver and child communications.
    This need not be published as an RFC and may remain as an Internet-draft.

    - A specification defining the new delegation attribute signaling mechanism.
    This is expected to become a standards-track RFC.

    - A specification for how to use the new delegation attribute signaling mechanism to perform aliasing for delegation.
    This is expected to become a standards-track RFC.



    -- 
    Wes Hardaker
    USC/ISI

    -- 
    dd mailing list
    dd@ietf.org
    https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/dd__;!!PtGJab4!6oEk1JPdXfpJ7mC-LsETadRh7r1_NrsDGsLdlBNmymR4QagOGSb2t7tFT5l_Ndg7s6qpf4oxBJp6HmNHbBrOYPhIHg$ [ietf[.]org]

v2.23.0 | Report a Bug | By Email