IETF Logo Mail Archive

Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

Mark Andrews <marka@isc.org> Fri, 23 March 2018 11:47 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D7EF12D87D for <dnsop@ietfa.amsl.com>; Fri, 23 Mar 2018 04:47:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F1CXkFHkDR2j for <dnsop@ietfa.amsl.com>; Fri, 23 Mar 2018 04:47:13 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A777E12D7F3 for <dnsop@ietf.org>; Fri, 23 Mar 2018 04:47:13 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 71F7A3AB007; Fri, 23 Mar 2018 11:47:13 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 5BBDC160051; Fri, 23 Mar 2018 11:47:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 40141160067; Fri, 23 Mar 2018 11:47:13 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 695NUv85iogR; Fri, 23 Mar 2018 11:47:13 +0000 (UTC)
Received: from [172.30.42.90] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 38904160051; Fri, 23 Mar 2018 11:47:12 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <CAHw9_iJM4nZyoytk7xgY_OzU9c7BCEpO4O+Jex9g6A58XYREGw@mail.gmail.com>
Date: Fri, 23 Mar 2018 22:47:08 +1100
Cc: Geoff Huston <gih@apnic.net>, dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <936585F3-9471-40F9-9D11-E9BBAAF90B4A@isc.org>
References: <83786E94-ABCA-43F9-A038-F8F61C93E797@isc.org> <783C0A50-0DC5-4BC6-A105-F19D2BEF98E4@apnic.net> <C771B8F7-E9D4-4CAC-9277-EAE3AC74CC62@isc.org> <CAHw9_iJM4nZyoytk7xgY_OzU9c7BCEpO4O+Jex9g6A58XYREGw@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-ns3QrpBQcpXVEZO2SLC09lq89s>
Subject: Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Mar 2018 11:47:15 -0000

> On 23 Mar 2018, at 10:08 pm, Warren Kumari <warren@kumari.net> wrote:
> 
> On Fri, Mar 23, 2018 at 10:07 AM, Mark Andrews <marka@isc.org> wrote:
>> Geoff you are wrong. Titles should tell you what you are about
>> to read especially technical documents. There are WAY TOO MANY
>> RFC TO READ EVERYONE ON THEM.
> 
> ... you lack ambition :-P
> 
>> 
>> If I had a TA for andrews.wattle.id.au the current title would
>> indicate that I could test resolvers to see if there is a TA
>> installed for it.
>> 
>> The current draft *is not* generic.  It is root TA specific.
>> That needs to be reflected in the title.
>> 
>> As for the label it can be used for more than rolling KSKs.
>> It can be used to see what resolvers are supporting new TA
>> *when you are not rolling keys*.  The current name reflects
>> *one* use, not all uses.
> 
> True, it does reflect one use case, not all -- however, we have
> already changed the name multiple times and implementers are
> (understandably) becoming annoyed, and supporting N different labels
> for the tester is also annoying [0].

As an implementer I say TOUGH!  The job of the working group is to
put out good specifications not to take short cuts just because
something has been implemented based on a draft.  This is the expected
cost of implementing on a draft.  I’ve re-written plenty of code to
follow draft changes.

I’ve got code to implement this.  Some corner cases are currently
undefined. Changing the label name will cause me to have to re-write
parts of what I have already written.  I know this but I’m still
calling for the changes.  Not only will the specific labels change
but potentially configuration arguments and with that documentation.

> How about a compromise - we update the draft name, but keep the label
> the same - the only people who likely care about the label are
> implementers and testers - once someone sees the name they will read
> the doc and quickly discover how it can be used.
> 
> W
> 
> 
> 
>> 
>> Mark
>> 
>>> On 23 Mar 2018, at 8:21 pm, Geoff Huston <gih@apnic.net> wrote:
>>> 
>>> 
>>> 
>>>> On 23 Mar 2018, at 12:55 am, Mark Andrews <marka@isc.org> wrote:
>>>> 
>>>> This title of this document DOES NOT match reality.
>>>> 
>>>> "A Sentinel for Detecting Trusted Keys in DNSSEC” should be
>>>> replaced by “A Root Key Trust Anchor Sentinel for DNSSEC”.
>>>> 
>>>> kskroll-sentinel-<what>-<id> really needs something other
>>>> than “kskroll” as the first field.  “root-key-sentinal-<what>-<id>”
>>>> really more clearly matches what it does.
>>>> 
>>>> Any other changes that follow from these two changes”
>>>> 
>>> 
>>> I personally think this is getting into bike shedding at this point.
>>> 
>>> The title of the document is an adequate description of the content
>>> and folk who want to know more should read the document, not guess
>>> from the title!
>>> 
>>> The label is a piece of syntactic convenience and is entirely
>>> arbitrary. We could start an almost infinite discussion thread
>>> over which label is better, but in the end its just a label.
>>> 
>>> 
>>> regards,
>>> 
>>>   Geoff
>>> 
>>> 
>>> 
>> 
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
>> 
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
> 
> 
> 
> -- 
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>   ---maf

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email