Re: [DNSOP] Last Call: <draft-ietf-dnsop-obsolete-dlv-00.txt> (Moving DNSSEC Lookaside Validation (DLV) to Historic Status) to Informational RFC
Randy Bush <randy@psg.com> Thu, 05 September 2019 21:46 UTC
Date: Thu, 05 Sep 2019 14:46:12 -0700
From: Randy Bush <randy@psg.com>
To: Michael Sinatra <michael@brokendns.net>
Cc: dnsop@ietf.org, draft-ietf-dnsop-obsolete-dlv@ietf.org, dnsop-chairs@ietf.org, IETF Rinse Repeat <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7mHrvoNtNM0zLGsnfD7p_Cj6GPc>

> I remember scaring a bunch of people at a NANOG meeting by suggesting
> that we should have an alternate method of establishing trust, and
> that method should be non-hierarchical (or perhaps
> "counter-hierarchical"). I believe I used "DLV-like" to describe it
> and I remember the reactions I got (esp from Randy). My goal was to
> mitigate risk from anything that might cause the root KSK to become
> bolloxed, like a botched key roll.

you misunderstood me. dlv had no particular trust model.

i was and remain a web of trust heretic as far as net ops is concerned. it's the way operators actually work. if you and cat, who i know, trust brielle, i'll trust her, though not necessarily her friends.

lack of an inter-operator trust model is why slurm is not usable other than in one's own net. it is droll that lta-use touches this but got enough pushback from a sec ad that i have not had the time to educate.

i was also not successful pushing wot in the rpki-based routing security development cabal.

essentially, the ietf's total focus on the x.509 based pki hierarchy meant wot went for decades with no energy behind analysis, design, development, etc.; starved from birth.

randy