IETF Logo Mail Archive

Re: [dnsext] Design team report on dnssec-bis-updates and CD bit

Andrew Sullivan <ajs@shinkuro.com> Sun, 11 July 2010 02:36 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1510D3A68E0; Sat, 10 Jul 2010 19:36:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.572
X-Spam-Level: *
X-Spam-Status: No, score=1.572 tagged_above=-999 required=5 tests=[AWL=-0.224, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_INFO=1.448, MIME_QP_LONG_LINE=1.396, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zOp38QeY-VO6; Sat, 10 Jul 2010 19:36:55 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 153863A659A; Sat, 10 Jul 2010 19:36:54 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1OXmIf-000OKa-6c for namedroppers-data0@psg.com; Sun, 11 Jul 2010 02:29:49 +0000
Received: from [208.86.224.201] (helo=mail.yitter.info) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <ajs@shinkuro.com>) id 1OXmIb-000OKE-VJ for namedroppers@ops.ietf.org; Sun, 11 Jul 2010 02:29:46 +0000
Received: from [172.16.33.105] (69-196-144-230.dsl.teksavvy.com [69.196.144.230]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.yitter.info (Postfix) with ESMTPSA id 601F81ECB41F; Sun, 11 Jul 2010 02:29:43 +0000 (UTC)
References: <20100709142108.GA68527@shinkuro.com> <20100709220459.GB22072@vacation.karoshi.com.> <4C388C2F.4030608@ogud.com> <20100710213342.GC22072@vacation.karoshi.com.>
In-Reply-To: <20100710213342.GC22072@vacation.karoshi.com.>
Mime-Version: 1.0 (iPhone Mail 8A293)
Content-Type: text/plain; charset="us-ascii"
Message-Id: <245B9BED-F21A-4259-A649-0353D3248A20@shinkuro.com>
Content-Transfer-Encoding: quoted-printable
Cc: Olafur Gudmundsson <ogud@ogud.com>, "bmanning@vacation.karoshi.com" <bmanning@vacation.karoshi.com>, "namedroppers@ops.ietf.org" <namedroppers@ops.ietf.org>
X-Mailer: iPhone Mail (8A293)
From: Andrew Sullivan <ajs@shinkuro.com>
Subject: Re: [dnsext] Design team report on dnssec-bis-updates and CD bit
Date: Sat, 10 Jul 2010 22:29:41 -0400
To: "bmanning@vacation.karoshi.com" <bmanning@vacation.karoshi.com>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

On 2010-07-10, at 17:33, bmanning@vacation.karoshi.com wrote:

> On Sat, Jul 10, 2010 at 11:05:19AM -0400, Olafur Gudmundsson wrote:
>> On 09/07/2010 6:04 PM, bmanning@vacation.karoshi.com wrote:
>>> On Fri, Jul 09, 2010 at 10:21:08AM -0400, Andrew Sullivan wrote:
>>>> Dear colleagues,
>>>> 
>>>> On 2010-07-06, there was a design team meeting in Bethesda, MD, to
>>>> address the issue of setting the CD bit in the dnssec-bis-updates
>>>> draft.  David Blacka, Olafur Gudmundsson, Mike StJohns, and Andrew
>>>> Sullivan attended.
>>>> 
>>>> In the meeting, we concluded by describing three different models for
>>>> how the CD bit is to be treated and used by a validating resolver
>>>> (i.e. one that has at least one trust anchor), and what interaction
>>>> this has with a local cache.  We based these models on RFC 4035, on
>>>> the discussion we saw on the list on this topic, and on what we think
>>>> people have implemented.  We want one, and only one, of these models
>>>> to be described in the draft as the standard model.  These models are
>>>> outlined below.
>>> 
>>> 
>>>    so the We in the para above is the design team of
>>>    yourself, David, Olafur, and Mike.  This does not meet
>>>    the WG criteria of "five" reviewers.
>> 
>> This is orthogonal, design team can be of any size, the output of an
>> design team can be one of:
>>    a proposal of way forward
>>    a list of options
>>    a comment on a particular design.
>>    a statement of failure to reach conclusion
> 
>    hum... this kind of makes the IETF WG process subject to capture,
>    don't you think?  According to you, a design team of one can make
>    a statement about failure to reach conclusion...  Thats a pretty 
>    low bar.

To be clear, nobody is suggesting this is a WG product. If it were, we could rule on consensus rather than discussing. But we brought this input to the WG as our considered opinion. 

>    except Andrew, as spokesperson for the design team cast a 
>    bias - not just the presentation of options with a request
>    to the WG to come to consensus.  

The report says that we want one option, that's true. I personally prefer that the WG coalesce around one because I think a completely indeterminate behavior on the part of intermediate resolvers would be very bad for user experience. I'd be interested in counter arguments. 

> To compound influence, there
>    was an inferance that the WG chairs would close this topic

Actually, I don't think an inference was needed. And I didn't imply anything. I stated that if the WG couldn't reach consensus, we could leave this topic out of the draft on the grounds that we have no consensus. That's not a threat; it's the chair's job to say such things. As it transpires, I believe now that the tables are a significant enough improvement over the existing 4035 text that we should include them all if need be. But I see no reason why we cannot at least settle on a predictable default.

A

-- 
Andrew Sullivan
<ajs@shinkuro.com>

v2.31.3 | Report a Bug | By Email | System Status