Re: [dnsext] Design team report on dnssec-bis-updates and CD bit
bmanning@vacation.karoshi.com Sat, 10 July 2010 21:39 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E2C203A6896; Sat, 10 Jul 2010 14:39:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.669
X-Spam-Level:
X-Spam-Status: No, score=-101.669 tagged_above=-999 required=5 tests=[AWL=-0.930, BAYES_20=-0.74, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oDc2SjVrWz6E; Sat, 10 Jul 2010 14:39:42 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 7F9903A689B; Sat, 10 Jul 2010 14:39:42 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1OXhhW-0000ov-5z for namedroppers-data0@psg.com; Sat, 10 Jul 2010 21:35:10 +0000
Received: from [2001:478:6:0:230:48ff:fe11:220a] (helo=vacation.karoshi.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <bmanning@karoshi.com>) id 1OXhhR-0000iF-Vz for namedroppers@ops.ietf.org; Sat, 10 Jul 2010 21:35:07 +0000
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id o6ALXgV7026399; Sat, 10 Jul 2010 21:33:42 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id o6ALXg8L026398; Sat, 10 Jul 2010 21:33:42 GMT
Date: Sat, 10 Jul 2010 21:33:42 +0000
From: bmanning@vacation.karoshi.com
To: Olafur Gudmundsson <ogud@ogud.com>
Cc: bmanning@vacation.karoshi.com, namedroppers@ops.ietf.org
Subject: Re: [dnsext] Design team report on dnssec-bis-updates and CD bit
Message-ID: <20100710213342.GC22072@vacation.karoshi.com.>
References: <20100709142108.GA68527@shinkuro.com> <20100709220459.GB22072@vacation.karoshi.com.> <4C388C2F.4030608@ogud.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4C388C2F.4030608@ogud.com>
User-Agent: Mutt/1.4.1i
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
On Sat, Jul 10, 2010 at 11:05:19AM -0400, Olafur Gudmundsson wrote: > On 09/07/2010 6:04 PM, bmanning@vacation.karoshi.com wrote: > >On Fri, Jul 09, 2010 at 10:21:08AM -0400, Andrew Sullivan wrote: > >>Dear colleagues, > >> > >>On 2010-07-06, there was a design team meeting in Bethesda, MD, to > >>address the issue of setting the CD bit in the dnssec-bis-updates > >>draft. David Blacka, Olafur Gudmundsson, Mike StJohns, and Andrew > >>Sullivan attended. > >> > >>In the meeting, we concluded by describing three different models for > >>how the CD bit is to be treated and used by a validating resolver > >>(i.e. one that has at least one trust anchor), and what interaction > >>this has with a local cache. We based these models on RFC 4035, on > >>the discussion we saw on the list on this topic, and on what we think > >>people have implemented. We want one, and only one, of these models > >>to be described in the draft as the standard model. These models are > >>outlined below. > > > > > > so the We in the para above is the design team of > > yourself, David, Olafur, and Mike. This does not meet > > the WG criteria of "five" reviewers. > > This is orthogonal, design team can be of any size, the output of an > design team can be one of: > a proposal of way forward > a list of options > a comment on a particular design. > a statement of failure to reach conclusion hum... this kind of makes the IETF WG process subject to capture, don't you think? According to you, a design team of one can make a statement about failure to reach conclusion... Thats a pretty low bar. that being said, this work was the result of just four people. > In this case we documented number of options and it is up to the working > group to discuss which one of the options to prefer or to say > that some/all will work together. except Andrew, as spokesperson for the design team cast a bias - not just the presentation of options with a request to the WG to come to consensus. To compound influence, there was an inferance that the WG chairs would close this topic by the next IETF... just 14 days. Is there a reason for the short suspense on this item and not with the other items on the WG agenda? > The problem we have had in the past was that there was no concise crisp > description of polices, MSJ as he came closest with his flow graph, > and his graph inspired the table format. Yup.. I really liked the flow graph. > We are not making any claims that this is the complete space of policies > and if there are other polices we hope that people put them forward in > the same format. 'Cept the intent to close discussion in 14 days... :) > > > > Perhaps the WG would like to weigh in on the recommendation > > that the design team came up with, ie that only one of the > > models be described as the "standard" model. > > Please, Please, Please. > The design team (hopefully) worked on creating a framework for more > productive discussion. Well, for what its worth, I can see use cases for at least two of the options that the DT produced. I would be sad if in its haste, the WG allowed a single option to be "fast-tracked" through. > >>Please offer your thoughts on these models and state which of them you > >>think should be in the draft as the way to handle the CD bit. We will > >>devote some time in the Monday Maastricht session to this issue. We > >>want to bring it to a close at that meeting. Unfortunately, I will not be at the meeting on Monday - I'll be in transit. So good luck and I hope the DT picked correctly. > > > > > > I guess the questions I have, before proceeding down the selection > > process is, Are there good reasons to use different models? (I can > > think > > of reasons to use other interpretations, fwiw). Is there > > a compelling reason to select only one model? If one is standard, > > are the others still optional or will they be forbidden? If they > > are to be forbidden, can we document why? > > > >--bill > > > This is an excellent question, > If I rephrase it: > Will it hurt interoperability if different validators implement > different models ? > Sub-question: will it hurt deployment if different models are in use ? > > Olafur
- [dnsext] Design team report on dnssec-bis-updates… Andrew Sullivan
- Re: [dnsext] Design team report on dnssec-bis-upd… bmanning
- Re: [dnsext] Design team report on dnssec-bis-upd… Olafur Gudmundsson
- Re: [dnsext] Design team report on dnssec-bis-upd… Masataka Ohta
- Re: [dnsext] Design team report on dnssec-bis-upd… bmanning
- Re: [dnsext] Design team report on dnssec-bis-upd… Andrew Sullivan
- Re: [dnsext] Design team report on dnssec-bis-upd… Jiankang YAO
- Re: [dnsext] Design team report on dnssec-bis-upd… Michael Graff
- Re: [dnsext] Design team report on dnssec-bis-upd… W.C.A. Wijngaards
- Re: [dnsext] Design team report on dnssec-bis-upd… Anthony Iliopoulos
- Re: [dnsext] Design team report on dnssec-bis-upd… Samuel Weiler
- Re: [dnsext] Design team report on dnssec-bis-upd… Mark Andrews
- Re: [dnsext] Design team report on dnssec-bis-upd… Edward Lewis
- Re: [dnsext] Design team report on dnssec-bis-upd… Olafur Gudmundsson