[dns-dir] DNSEXT charter and treating DNS names as "the same"

Andrew Sullivan <ajs@shinkuro.com> Thu, 05 August 2010 04:03 UTC

Date: Thu, 05 Aug 2010 00:04:00 -0400
From: Andrew Sullivan <ajs@shinkuro.com>
To: dns-dir@ietf.org
Message-ID: <20100805040358.GE37817@shinkuro.com>

[NOTE: Olafur & I send this to the directorate for comment before we
send it to the WG.  If we hear nothing by Friday afternoon, we'll send
this to the namedroppers list, and also send it (maybe with a
background note) to the APP and INT area discussion lists.]

Dear colleagues,

One of our primary goals for DNSEXT at IETF 78 was to get feedback
from the user community (in particular, application developers) who
have the "aliasing" and "sameness" problem(s) with the DNS.
Unfortunately, we were unable to attract many such participants. 

It is clear to us that none of the proposals now before DNSEXT
addresses all the problems that people have.  As far as we are able to
tell, there are needs with respect to domain names, with respect to
whole trees in the DNS, and perhaps with respect to individual labels
no matter where they might appear in a domain name.  None of the
proposals handles all of these, and some of these needs are not
addressed at all.

We appear to be faced with a choice among three basic strategies:

    1.  Experiment: Since we don't know what the problems are, but we
    have people proposing solutions, we could adopt the proposed
    solutions experimentally, and evaluate in (say) five years whether
    the proposals solved the problems people have.

    2.  Limp along: We could accept that no proposal will solve
    everything, and "limp along" by standardizing properly the
    proposals we have, working towards clarity and precision in the
    problem statement and then proceeding to work on the proposals
    themselves.

    3.  Kick it upstairs: A basic problem in all of this is that the
    DNS does not have a presentation layer.  Domain names end up being
    used in presentation contexts, and that's what's broken.  So, we
    could say that there is no problem here for the DNS, but that we
    are ready and willing to support building a presentation layer
    atop the DNS.  Such a specification needs to come from elsewhere.

The problem with (1) is that some of the proposals are simply
impossible to do as experiments (if we change the rules for CNAME,
they're effectively changed forever whether we like it or not).  In
addition, we think it would be a very bad idea to perform such an
experiment in the root, but we expect that there would be operational
pressures to do so.

The problem with (2) is that we make the DNS more complicated without
solving all or perhaps even most of the problems people really have.
The complication will be greater than many people seem to think: for
instance, the BNAME proposal as it is currently written is, as far as
we can tell, simply incompatible with all the deployed validators in
the world.  That seems like a problem that needs addressing, and we
can't see how to do so easily.

The problem with (3) is that it was suggested before, and got no
traction.  Moreover, it's very complicated, such that the work might
never complete; and in the meantime, people who have a problem have no
help.

We DNSEXT chairs are mostly convinced that there is no current
proposal that is any simpler than just duplicating zone apex data and
adding a DNAME to the "alias" zones.  (This suggests an option 4,
which is "document how to do this by provisioning, thereby explaining
why the WG is not doing anything else".)  Before we propose another
charter for the WG, we'd like to hear more arguments why any work is
needed, and which of the options 1-3 seem like the best bet for that
work.

Best regards,

Andrew and Olafur

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
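The "option 4" provisioning approach the chairs describe (copy the apex data of the canonical zone into each alias zone and put a DNAME at the alias apex) has one property worth seeing concretely: a DNAME redirects only the names *below* its owner, never the owner itself, which is exactly why the apex data has to be duplicated by hand. The following is an added illustration, not code or zone data from the message or from any DNSEXT draft; the zone names example.com and example.net and all record data are constructed, and the resolver logic is a deliberately minimal model of DNAME substitution rather than a real resolver.

```python
"""Toy model of "duplicate apex data + DNAME" aliasing.

Constructed example: example.net. should behave like an alias of
example.com.  A DNAME at example.net. rewrites every name underneath it
(www.example.net. -> www.example.com.), but the apex name example.net.
is not covered by its own DNAME, so its A/MX/... records must be
provisioned as copies of the canonical apex data.
"""

# Constructed canonical zone: owner name -> list of (rrtype, rdata).
CANONICAL_ZONE = {
    "example.com.": [("A", "192.0.2.10"), ("MX", "10 mail.example.com.")],
    "www.example.com.": [("A", "192.0.2.10")],
    "mail.example.com.": [("A", "192.0.2.25")],
}

# Alias zone provisioned the "option 4" way: apex data duplicated from
# example.com. by hand, DNAME covering the whole subtree.
ALIAS_ZONE = {
    "example.net.": [
        ("A", "192.0.2.10"),             # copied from example.com. apex
        ("MX", "10 mail.example.com."),  # copied from example.com. apex
        ("DNAME", "example.com."),       # redirects *.example.net.
    ],
}

# Both zones as seen by the toy resolver.
ZONES = {**CANONICAL_ZONE, **ALIAS_ZONE}

# Failure mode: the same alias zone with the apex copies forgotten.
ALIAS_WITHOUT_APEX = {
    **CANONICAL_ZONE,
    "example.net.": [("DNAME", "example.com.")],
}


def find_dname(name, data):
    """Return (owner, target) of a DNAME whose owner is a *proper*
    ancestor of name, or None.  The owner name itself is skipped on
    purpose: a DNAME does not apply to its own owner."""
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        for rrtype, rdata in data.get(ancestor, []):
            if rrtype == "DNAME":
                return ancestor, rdata
    return None


def lookup(name, qtype, data=ZONES, max_hops=8):
    """Resolve name/qtype, applying DNAME substitution as needed.

    Returns (rdatas, chain): rdatas is the list of matching records at
    the final name (empty if nothing was found), chain lists each
    (original, rewritten) pair, i.e. the CNAMEs a server would
    synthesize for the DNAME."""
    chain = []
    for _ in range(max_hops):
        rdatas = [rd for rt, rd in data.get(name, []) if rt == qtype]
        if rdatas:
            return rdatas, chain
        dname = find_dname(name, data)
        if dname is None:
            return [], chain
        owner, target = dname
        # Replace the owner suffix with the DNAME target (RFC 6672 style).
        rewritten = name[: -len(owner)] + target
        chain.append((name, rewritten))
        name = rewritten
    raise RuntimeError("too many DNAME hops (loop?)")


if __name__ == "__main__":
    print(lookup("www.example.net.", "A"))
    print(lookup("example.net.", "A"))
    print(lookup("example.net.", "A", ALIAS_WITHOUT_APEX))
```

Running it shows the subtree being rewritten through the DNAME, the apex answered from the duplicated records, and, for the zone where the copies were omitted, an empty answer at the apex even though the DNAME is present: that gap is what the duplication step in option 4 closes, and it is the kind of provisioning consistency check an operator of such alias zones would want to automate.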