Re: [DNSOP] Pity (was Re: Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>)

Suzanne Woolf <suzworldwide@gmail.com> Fri, 09 October 2015 21:48 UTC

From: Suzanne Woolf <suzworldwide@gmail.com>
Date: Fri, 09 Oct 2015 17:49:01 -0400
To: Paul Vixie <paul@redbarn.org>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Pity (was Re: Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>)
In-Reply-To: <561814A6.3040703@redbarn.org>
Message-Id: <6A26E56C-4EB9-4464-AB59-2848456C09EB@gmail.com>
References: <20151009011039.36478.qmail@ary.lan> <90410066-79B0-4DDE-89F7-CE2BB5DA2307@karoshi.com> <E6CCA2DC-7EA6-40BC-BBFE-EAE3505589A3@hopcount.ca> <790654E4-3EF8-44B3-BD92-638EACA0959A@karoshi.com> <F5A8CCB7-5E1C-4547-AD55-1EDE286E59C7@hopcount.ca> <20151009191327.GL20427@mx2.yitter.info> <561814A6.3040703@redbarn.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/6F375CRzoDPduAOio5mzBcHS970>

(no hats)

On Oct 9, 2015, at 3:25 PM, Paul Vixie <paul@redbarn.org> wrote:

> no longer. he needed client-subnet for his
> business, that year, not this year. i didn't and still don't like that
> protocol and i fear its long term implications, but i understand why he
> did it the way he did it.

I think client-subnet was actually an interesting example of several things.

When it was originally brought to the IETF, people didn't like it, so it didn't get through the WG (DNSEXT?). The Options registry policy at the time was, I think, Standards Action, so they couldn't get an IANA-registered codepoint, either.

As Paul points out, they wrote their technology and started using it anyway.

The registry policy was changed, partly because of cases like this, to Expert Review, and a codepoint was requested, without an RFC. It was granted, so the technology could be extended by the use of a registered codepoint.

The original authors of the draft came back to the DNSOP chairs and expressed an interest in documenting the protocol anyway. We encouraged them to do that; we figured that since there's a properly registered codepoint, and the technology is in use even though DNSEXT five years ago didn't like it, documented is better than not.

The current client-subnet document describes the technology currently in use, and suggests that the protocol could be revised, in light of experience, to work better, including making it easier for clients to opt out.

I would hope that when that protocol revision is undertaken that the authors will be willing to document it in the IETF, and that they get the review they need to help them make a better protocol.

If we succeed, there will be a better protocol, and review in the IETF will be part of why it's better, and it will be documented in an RFC.

If we fail, there may or may not be a better protocol, but the IETF will have nothing to do with it, and it may never be documented in an RFC. 

I'd like to see the first option happen. I think it's entirely possible, and will do what I can to enable it. 


Suzanne
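[Editor's added example, not part of Suzanne's message.] The client-subnet option she refers to is the EDNS Client Subnet (ECS) option, registered as EDNS option code 8 and later published as RFC 7871. The code below encodes and decodes the option's OPTION-DATA in that wire format, including the client opt-out form (SOURCE PREFIX-LENGTH 0 with no ADDRESS) that the document discusses, and shows the forwarding decision a recursive resolver makes with it. The resolver policy prefix lengths (/24 and /56), the FAMILY value of 0 used on opt-out, and the sample addresses are this example's own choices; the code is not from any resolver implementation or from the draft.

```python
"""
Encoder/decoder for the EDNS Client Subnet OPTION-DATA (EDNS option code 8,
wire format as published in RFC 7871), plus the resolver-side forwarding rule.

OPTION-DATA layout:
  FAMILY (2 bytes) | SOURCE PREFIX-LENGTH (1) | SCOPE PREFIX-LENGTH (1) |
  ADDRESS (ceil(SOURCE PREFIX-LENGTH / 8) bytes; bits past the prefix are zero)
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Union

ECS_OPTION_CODE = 8   # IANA EDNS option code for edns-client-subnet
FAMILY_IPV4 = 1       # IANA address family numbers carried in FAMILY
FAMILY_IPV6 = 2


@dataclass(frozen=True)
class ClientSubnet:
    family: int
    source_prefix: int
    scope_prefix: int
    network: Optional[Union[ipaddress.IPv4Network, ipaddress.IPv6Network]]

    @property
    def opted_out(self) -> bool:
        # SOURCE PREFIX-LENGTH 0 and no ADDRESS is the client opt-out signal.
        return self.source_prefix == 0 and self.network is None


def encode_ecs(address: Optional[str], source_prefix: int, scope_prefix: int = 0) -> bytes:
    """Build ECS OPTION-DATA. address=None with source_prefix=0 produces the
    opt-out form; FAMILY=0 on opt-out is this example's choice (assumption)."""
    if address is None:
        if source_prefix != 0 or scope_prefix != 0:
            raise ValueError("opt-out requires both prefix lengths to be 0")
        return struct.pack("!HBB", 0, 0, 0)
    ip = ipaddress.ip_address(address)
    family = FAMILY_IPV4 if ip.version == 4 else FAMILY_IPV6
    if not 0 <= source_prefix <= ip.max_prefixlen:
        raise ValueError("source prefix length out of range")
    # Zero the host bits before truncating: sending them leaks more of the
    # client address than the prefix length claims and violates the format.
    net = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    return struct.pack("!HBB", family, source_prefix, scope_prefix) + net.network_address.packed[:nbytes]


def decode_ecs(data: bytes) -> ClientSubnet:
    """Parse OPTION-DATA strictly, rejecting bad lengths and non-zero host bits."""
    if len(data) < 4:
        raise ValueError("ECS option too short")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", data[:4])
    addr_bytes = data[4:]
    if source_prefix == 0:
        if addr_bytes:
            raise ValueError("opt-out must not carry an ADDRESS")
        if family not in (0, FAMILY_IPV4, FAMILY_IPV6):
            raise ValueError(f"unknown address family {family}")
        return ClientSubnet(family, 0, scope_prefix, None)
    if family == FAMILY_IPV4:
        total, cls = 4, ipaddress.IPv4Network
    elif family == FAMILY_IPV6:
        total, cls = 16, ipaddress.IPv6Network
    else:
        raise ValueError(f"unknown address family {family}")
    if source_prefix > total * 8 or scope_prefix > total * 8:
        raise ValueError("prefix length exceeds address size")
    nbytes = (source_prefix + 7) // 8
    if len(addr_bytes) != nbytes:
        raise ValueError(f"ADDRESS must be {nbytes} bytes, got {len(addr_bytes)}")
    padded = addr_bytes + b"\x00" * (total - nbytes)
    try:
        net = cls((padded, source_prefix))  # strict: host bits must be zero
    except ValueError as exc:
        raise ValueError("ADDRESS has bits set beyond SOURCE PREFIX-LENGTH") from exc
    return ClientSubnet(family, source_prefix, scope_prefix, net)


def resolver_upstream_option(stub_option: Optional[bytes], client_ip: str,
                             policy_v4: int = 24, policy_v6: int = 56) -> bytes:
    """Option a recursive resolver sends to the authoritative server.
    An opt-out from the stub is forwarded as an opt-out, never replaced by the
    client's own address; otherwise the prefix is capped at local policy."""
    if stub_option is not None:
        ecs = decode_ecs(stub_option)
        if ecs.opted_out:
            return encode_ecs(None, 0)
        policy = policy_v4 if ecs.family == FAMILY_IPV4 else policy_v6
        return encode_ecs(str(ecs.network.network_address), min(ecs.source_prefix, policy))
    ip = ipaddress.ip_address(client_ip)
    return encode_ecs(client_ip, policy_v4 if ip.version == 4 else policy_v6)
```

The strict decoder matters on the resolver side: an authoritative server or forwarder that accepts an ADDRESS field longer than the prefix implies, or with host bits set, is quietly accepting more client identity than the option claims to carry.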