IETF Logo Mail Archive

Re: [DNSOP] New Version Notification for draft-kumari-ogud-dnsop-cds-02.txt

Edward Lewis <ed.lewis@neustar.biz> Wed, 10 July 2013 13:19 UTC

Return-Path: <ed.lewis@neustar.biz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9F9211E8197 for <dnsop@ietfa.amsl.com>; Wed, 10 Jul 2013 06:19:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.868
X-Spam-Level:
X-Spam-Status: No, score=-101.868 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mnNjuR-6XOZ5 for <dnsop@ietfa.amsl.com>; Wed, 10 Jul 2013 06:19:16 -0700 (PDT)
Received: from smtp125.dfw.emailsrvr.com (smtp125.dfw.emailsrvr.com [67.192.241.125]) by ietfa.amsl.com (Postfix) with ESMTP id A335411E8180 for <dnsop@ietf.org>; Wed, 10 Jul 2013 06:19:16 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp2.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 519597819F; Wed, 10 Jul 2013 09:19:15 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp2.relay.dfw1a.emailsrvr.com (Authenticated sender: edlewis-AT-ogud.com) with ESMTPSA id D96FA7819A; Wed, 10 Jul 2013 09:19:14 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: multipart/alternative; boundary="Apple-Mail=_EFABB397-4B8E-4B1E-B09C-DEC00431B68E"
From: Edward Lewis <ed.lewis@neustar.biz>
In-Reply-To: <51DBBFBD.5020300@sidn.nl>
Date: Wed, 10 Jul 2013 09:19:17 -0400
Message-Id: <84BD536A-9096-47C7-AE3B-1AEE7A8D0393@neustar.biz>
References: <20130617165829.2638.88322.idtracker@ietfa.amsl.com> <DD7454F5-6B16-4EBA-A380-C51E2302E5E9@kumari.net> <alpine.LFD.2.10.1306171417150.18979@bofh.nohats.ca> <0lsj0b2kk5.fsf@wjh.hardakers.net> <51C96B62.9030401@nlnetlabs.nl> <2350A43B-088E-4BEA-9317-98B8372C74BE@ogud.com> <51D18336.5010401@nlnetlabs.nl> <9245734C-D614-41C4-B2FC-C39D6DAAA5C3@ogud.com> <8E20305A-4B51-4714-B339-0C5703E75828@sinodun.com> <A82661B1-414B-435C-B359-53BC0F17EEA3@ogud.com> <33496ED6-4D88-485B-8369-566B2A1FC7C0@frobbit.se> <51DBBFBD.5020300@sidn.nl>
To: Antoin Verschuren <Antoin.Verschuren@sidn.nl>
X-Mailer: Apple Mail (2.1283)
Cc: dnsop@ietf.org, Edward Lewis <ed.lewis@neustar.biz>
Subject: Re: [DNSOP] New Version Notification for draft-kumari-ogud-dnsop-cds-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2013 13:19:22 -0000

On Jul 9, 2013, at 3:46, Antoin Verschuren wrote:

> I know you all wish the world was simpler, but it isn't, We've tried.


I'd voiced support for CDS before and have even gone as far as visiting with Olafur and Warren to work on the mechanism.

But since the last conversation, I'm not as optimistic.  In part because of what Antoin wrote above.

I wish that we could have something done only in-band but I also think it will be impossible to achieve this.

The CDS proposal is fine for answering the question of how data is marshalled, but it doesn't answer other factors.  I haven't been able to draw a circle around the other factors - is what we are trying to achieve a "transaction" or a version of a "remote procedure call" or something else.

That the child has no information about the parent - in the sense that some parents have cutpoints deeper than 1 and that the child zone has no information about the parent name servers, knowing where how to locate the service is difficult.  (I'm leaving out the possibility of using a recursive server to discover the parent because that's a function that you really don't want in a key management system or an authoritative server.

There is also no "semaphore" system in place that will inform the parent and child what state of the DS transfer is in.  The draft assumes a poll cycle on the parent and detection by the client - but what if there's a race condition?  Or one side gets stuck in a state (of the protocol state machine) and leaves the other side spinning?

These are concerns that are not well defined and I've off and on tried to find a more rigorous framework from which to hang them.  But Antoin sums up the "operator" view that - the world is more complicated than a simple solution away from completeness.

I said "I'm not as optimistic."  This doesn't mean I'm pessimistic nor withdrawing support for working on this in the working group.  There's a need to make DS management easier but a simple solution is no longer what I envision.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis             
NeuStar                    You can leave a voice message at +1-571-434-5468

There are no answers - just tradeoffs, decisions, and responses.

v2.23.0 | Report a Bug | By Email