[dns-dir] DNSEXT charter and treating DNS names as "the same"
Andrew Sullivan <ajs@shinkuro.com> Thu, 05 August 2010 04:03 UTC
[NOTE: Olafur & I send this to the directorate for comment before we send it to the WG. If we hear nothing by Friday afternoon, we'll send this to the namedroppers list, and also send it (maybe with a background note) to the APP and INT area discussion lists.]

Dear colleagues,

One of our primary goals for DNSEXT at IETF 78 was to get feedback from the user community (in particular, application developers) who have the "aliasing" and "sameness" problem(s) with the DNS. Unfortunately, we were unable to attract many such participants.

It is clear to us that none of the proposals now before DNSEXT addresses all the problems that people have. As far as we are able to tell, there are needs with respect to domain names, with respect to whole trees in the DNS, and perhaps with respect to individual labels no matter where they might appear in a domain name. None of the proposals handles all of these, and some of these needs are not addressed at all.

We appear to be faced with a choice among three basic strategies:

1. Experiment: Since we don't know what the problems are, but we have people proposing solutions, we could adopt the proposed solutions experimentally, and evaluate in (say) five years whether the proposals solved the problems people have.

2. Limp along: We could accept that no proposal will solve everything, and "limp along" by standardizing properly the proposals we have, working towards clarity and precision in the problem statement and then proceeding to work on the proposals themselves.

3. Kick it upstairs: A basic problem in all of this is that the DNS does not have a presentation layer. Domain names end up being used in presentation contexts, and that's what's broken. So, we could say that there is no problem here for the DNS, but that we are ready and willing to support building a presentation layer atop the DNS. Such a specification needs to come from elsewhere.

The problem with (1) is that some of the proposals are simply impossible to do as experiments (if we change the rules for CNAME, they're effectively changed forever whether we like it or not). In addition, we think it would be a very bad idea to perform such an experiment in the root, but we expect that there would be operational pressures to do so.

The problem with (2) is that we make the DNS more complicated without solving all or perhaps even most of the problems people really have. The complication will be greater than many people seem to think: for instance, the BNAME proposal as it is currently written is, as far as we can tell, simply incompatible with all the deployed validators in the world. That seems like a problem that needs addressing, and we can't see how to do so easily.

The problem with (3) is that it was suggested before, and got no traction. Moreover, it's very complicated, such that the work might never complete; and in the meantime, people who have a problem have no help.

We DNSEXT chairs are mostly convinced that there is no current proposal that is any simpler than just duplicating zone apex data and adding a DNAME to the "alias" zones. (This suggests an option 4, which is "document how to do this by provisioning, thereby explaining why the WG is not doing anything else.")

Before we propose another charter for the WG, we'd like to hear more arguments why any work is needed, and which of the options 1-3 seem like the best bet for that work.

Best regards,

Andrew and Olafur

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
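
The provisioning approach mentioned in the message (duplicate the zone apex data, add a DNAME in the "alias" zone), sketched as an added example that is not part of the original e-mail. Zone names, records and function names are constructed for illustration; the point shown is that a DNAME redirects only names below its owner, so the apex data has to be copied.

```python
# Added illustration; zone names and records are constructed samples.
CANONICAL = "example.com."
ALIAS = "example.net."

# Apex RRsets of the canonical zone (constructed sample data).
CANONICAL_APEX = {
    "A": ["192.0.2.10"],
    "MX": ["10 mail.example.com."],
}

def labels(name):
    """Split a domain name into lowercase labels (DNS names compare case-insensitively)."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def build_alias_zone(alias, canonical, canonical_apex):
    """Provision the alias apex: copy the apex data, then add a DNAME.

    SOA and NS belong to each zone separately and are not copied.
    """
    apex = {t: list(v) for t, v in canonical_apex.items()
            if t not in ("SOA", "NS", "CNAME", "DNAME")}
    apex["DNAME"] = [canonical]
    return {"origin": alias, "apex": apex}

def resolve(zone, qname, qtype):
    """Answer a query against the alias zone.

    Returns ("apex", rdata) for the owner name itself, ("dname", new_name)
    for names below it, or None when the name is outside the zone.
    """
    q, origin = labels(qname), labels(zone["origin"])
    if len(q) < len(origin) or q[len(q) - len(origin):] != origin:
        return None  # label-wise comparison: "notexample.net." is outside
    if len(q) == len(origin):
        # A DNAME does not redirect its own owner name, only descendants,
        # so the apex is answered from the duplicated records.
        return ("apex", zone["apex"].get(qtype, []))
    prefix = q[:len(q) - len(origin)]
    target = labels(zone["apex"]["DNAME"][0])
    return ("dname", ".".join(prefix + target) + ".")

ZONE = build_alias_zone(ALIAS, CANONICAL, CANONICAL_APEX)
```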