DNAME (and CNAME) vs DNSSEC (Was: [dnsext] Reminder: two WGLC closing in one week)

Andrew Sullivan <ajs@commandprompt.com> Tue, 23 September 2008 13:43 UTC

Date: Tue, 23 Sep 2008 09:31:33 -0400
From: Andrew Sullivan <ajs@commandprompt.com>
To: namedroppers@ops.ietf.org
Subject: DNAME (and CNAME) vs DNSSEC (Was: [dnsext] Reminder: two WGLC closing in one week)
Message-ID: <20080923133133.GA18300@commandprompt.com>
References: <20080923072354.BB38011402C@mx.isc.org> <200809230756.m8N7uHdg075258@drugs.dv.isc.org>
In-Reply-To: <200809230756.m8N7uHdg075258@drugs.dv.isc.org>

Dear colleagues,

Given the discussion between Mike StJohns and Mark Andrews on how to
handle DNAME (or CNAME) chains in a DNSSEC context, it seems to me we
have three choices:

1.  Do nothing.  The documents are clear enough as they are.

2.  Clarify this behaviour in the 2672bis-dname document.

3.  Clarify the behaviour, but in the dnssec-bis-updates document.

Speaking only personally, it seems to me that, if we have a mailing
list thread that lasts through 4 or 5 exchanges to clarify a point, we
need to put together text to make that point clear in the resulting
RFCs.  Nobody is going to troll through old WG mailing list archives
to learn what the "right" interpretation is, and we'll see problems in
the field.

Speaking as the current shepherd for both the dname-bis and
dnssec-bis-updates drafts, I would therefore like some guidance from
the WG on what to do among 1-3.  In particular, if you think one of
those drafts is a better place for the clarification than the other,
I'd like to hear your opinion.  In terms of workflow, I will point out
that it'd be nice to be able to wrap up 2672bis-dname and punt this
problem to a later document if that's acceptable to everyone.  But if
the clarifications really need to go into 2672bis-dname, well, that's
why we have last calls.

Best regards,

Andrew

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/
