Re: [DNSOP] Last Call: <draft-ietf-dnsop-obsolete-dlv-00.txt> (Moving DNSSEC Lookaside Validation (DLV) to Historic Status) to Informational RFC

Randy Bush <> Thu, 05 September 2019 21:46 UTC

Date: Thu, 05 Sep 2019 14:46:12 -0700
From: Randy Bush <>
To: Michael Sinatra <>
Cc:,,, IETF Rinse Repeat <>

> I remember scaring a bunch of people at a NANOG meeting by suggesting
> that we should have an alternate method of establishing trust, and
> that method should be non-hierarchical (or perhaps
> "counter-hierarchical"). I believe I used "DLV-like" to describe it
> and I remember the reactions I got (esp from Randy).  My goal was to
> mitigate risk from anything that might cause the root KSK to become
> bolloxed, like a botched key roll.

you misunderstood me.

dlv had no particular trust model.  i was and remain a web of trust
heretic as far as net ops is concerned.  it's the way operators actually
work.  if you and cat, who i know, trust brielle, i'll trust her, though
not necessarily her friends.

lack of an inter-operator trust model is why slurm is not usable other
than in one's own net.  it is droll that lta-use touches this but got
enough pushback from a sec ad that i have not had the time to educate.

i was also not successful pushing wot in the rpki-based routing security
development cabal.  essentially, the ietf's total focus on the x.509
based pki hierarchy meant wot went for decades with no energy behind
analysis, design, development, etc.; starved from birth.