Re: [dnsext] DNSEXT closing down soon

Phillip Hallam-Baker <hallam@gmail.com> Thu, 22 December 2011 13:16 UTC

From: Phillip Hallam-Baker <hallam@gmail.com>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] DNSEXT closing down soon

Um, you are saying that it is now not possible to advance at all? The
three-step process has been broken for years but it should not be that broken.

Working Groups are meant to close down, that is the objective: propose some
specs, work on them, shut down.

Lingering WGs are bad for many reasons, not least the fact that some of
them seem to find more work for the purpose of delaying closure. Often this
is work that is simply better not done. This is a particular problem with a
group like PKIX which has established a 'brand' in the industry. Some
vendors feel they have to send people to PKIX just to block new boondoggles
that would be added to the PKIX spec and then be forced to implement. So
even though the mission of PKIX is to maintain PKIX, it can't even close
obvious errors in the protocol because some people will object on
'principle'.

Of course that particular problem is worse due to the $1 billion the US DoD
spent on their PKI.


DNSEXT was set up to address one particular aspect of DNS infrastructure.
Those aspects are done about as well as we can expect.

The areas where the DNS needs to be tweaked are the interface between the
DNS and the application layer. DNSEXT is not well suited to consider that
problem as very few participants in the WG are applications developers.
Shutting down DNSEXT provides an opportunity to recruit a new group of
participants for an effort focused on the application layer.



On Mon, Dec 5, 2011 at 10:02 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> On Mon, Dec 05, 2011 at 10:28:51PM +0900, Masataka Ohta wrote:
>
> > Isn't it a well-known problem of the IETF standardization process
> > to require an irrational amount of effort to advance PS to DS and
> > DS to IS?
>
> It would indeed require a great deal of effort now, since that
> advancement path is no longer open.
>
> > DNSSEC is a real extension? You should be joking.
>
> Regardless of what one thinks of the merits of DNSSEC, it was in fact
> a change to the protocol and in that sense an extension of
> capabilities.  Other things we have been working on are actually
> document cleanup or maintenance of existing capabilities (like adding
> new EDNS0 options or new algorithms to DNSSEC).
>
> Best,
>
> A
>
> --
> Andrew Sullivan
> ajs@anvilwalrusden.com



-- 
Website: http://hallambaker.com/