Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

Paul Vixie <paul@redbarn.org> Fri, 23 March 2018 18:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/03gFOoxDO5ZfqaMwQJ4m579T7KQ>

i'm concerned about the age-old human protocol being employed here.

first one guy shouts bikeshed! (usually somebody who's been bikeshedding.)

nextly, some folks say "the details don't matter, only uniqueness."

then there's a bunch of back and forth about whether and which details 
matter.

then there's a lot of folks saying, "personally i would go with..." or 
"i prefer ..." or "my vote is for..."

then somebody inevitably says "this is taking too long, let's just pick 
something."

it's how ipv6 and dnssec were standardized, with sweepingly bad results 
that our great grandchildren will no doubt shake their heads about, in 
wonder.

i request a different protocol.

can the co-chairs convene a design team made up of people from each camp 
named above, and lock them in a room and shove pizza under the door 
until they have a proposal that can be accepted on its _merits_?

vixie

re:

Joao Damas wrote:
> I am happy with whatever the wg agrees but let’s agree, otherwise time keeps sliding and the only label that is going to be accurate for the next generations will be “ksk-roll-that-never-was” ;)
>
> Joao
>
>> On 23 Mar 2018, at 16:13, Ondřej Surý <ondrej@isc.org> wrote:
>>
>> I also prefer #2
>>
>> Personally, I would go with rzksk-sentinel because it’s shorter and more accurate, but #2 will make me happy.
>>
>> Ondrej
>> --
>> Ondřej Surý — ISC
>>
>>> On 23 Mar 2018, at 15:20, Wessels, Duane <dwessels@verisign.com> wrote:
>>>
>>>
>>>> On Mar 23, 2018, at 5:13 AM, Warren Kumari <warren@kumari.net> wrote:
>>>>
>>>> Dear DNSOP,
>>>>
>>>> Please clearly express a preference for:
>>>> 1: Keeping the current label -- kskroll-sentinel-is-ta-20326.example.com
>>>> 2: Changing it to the new label -- root-key-sentinal-is-ta-20326.example.com
>>>>
>>> I prefer #2.
>>>
>>> DW
>>>
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop

-- 
P Vixie