Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

"Joe Abley" <jabley@hopcount.ca> Sun, 04 October 2015 19:31 UTC

From: Joe Abley <jabley@hopcount.ca>
To: David Conrad <drc@virtualized.org>
Date: Sun, 04 Oct 2015 15:31:52 -0400
Message-ID: <EB3C1283-12FD-4F65-9056-2F9C681463BE@hopcount.ca>
In-Reply-To: <FDD04DCC-59C5-41F5-8CAF-1EF31CD65A34@virtualized.org>
References: <20150928114202.823.19868.idtracker@ietfa.amsl.com> <0E4AA958-7740-4602-A3CF-D2E481DBC15E@hopcount.ca> <20150928155325.GA63874@gaon.net> <20150929095301.32c3e6a3@casual> <13F1D87F-1C07-40EB-86B0-564C4109C9B0@virtualized.org> <1973252D-924F-4EF1-A38F-5EC01AD331F6@gmail.com> <FDD04DCC-59C5-41F5-8CAF-1EF31CD65A34@virtualized.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/0r6h4Tq4UJK_mUPFYMfqnQmNNLQ>
Cc: Suzanne Woolf <suzworldwide@gmail.com>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

Hi David,

On 4 Oct 2015, at 14:00, David Conrad wrote:

> On Oct 2, 2015, at 9:10 AM, Suzanne Woolf <suzworldwide@gmail.com> wrote:
>>>>> Preempting a WGLC, I support the document.  It states its aim of
>>>>> documenting existing practices, and it does so clearly.
>>>>
>>>> I agree completely. I am actually confused as to why it is not already
>>>> an RFC.
>>>
>>> +1
>
> I've since been told that the draft doesn't actually document current practice (don't know the details), so this probably needs to be fixed.

If you could share who told you that, that might be a good starting point :-)

>> Well, as a technicality, I don't see that this draft was ever adopted by the WG.
>
> Perhaps that might be a good next step?

We have other examples in recent history of an informational draft that documents current practice being published as an AD-sponsored document; examples that spring to mind are RFC 5855 and RFC 7108. But regardless of what mechanism is used to publish the document, we need to be sure that it has been well-reviewed in this working group. Certainly it's clear that it's not worth publishing if it doesn't document what it claims to document.

In my opinion, the draft in this space that really does want to be a dnsop document is draft-jabley-dnsop-validator-bootstrap.

Regardless of whether draft-jabley-dnssec-trust-anchor proceeds as a wg draft, or as an AD-sponsored individual submission, or is dropped altogether, I really think we want the recommended mechanisms by which a validator sets itself up to be predictable and solid. That's important for validators running on a server with live human technical operators, validators running on home gateways and other embedded environments, and everything in between.


Joe