Re: [DNSOP] followup and proposed actions: RFC 6761 interim and next steps

Paul Vixie <paul@redbarn.org> Wed, 27 May 2015 06:10 UTC

Message-ID: <55655FD8.6080503@redbarn.org>
Date: Tue, 26 May 2015 23:10:32 -0700
From: Paul Vixie <paul@redbarn.org>
To: Francisco Obispo <fobispo@uniregistry.com>
References: <20150526200703.15413.qmail@ary.lan> <3B05F60A-8865-45B8-A36C-042E0F5CC92C@uniregistry.com> <alpine.OSX.2.11.1505261730060.65578@ary.lan> <CEA65A4A-1AE4-4582-8EF2-732DEEED8D70@uniregistry.com> <alpine.OSX.2.11.1505261753230.65578@ary.lan> <77464DBE-7F4F-478F-9035-E9B2044D6D2D@uniregistry.com> <5564F4CC.50805@redbarn.org> <CEAECF08-7518-4E70-BD05-8D3DDC3BEA27@uniregistry.com>
In-Reply-To: <CEAECF08-7518-4E70-BD05-8D3DDC3BEA27@uniregistry.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/B3Ohz3FAZRNC4uD8N0-JR0mIMZQ>
Cc: dnsop@ietf.org, John R Levine <johnl@taugh.com>
Subject: Re: [DNSOP] followup and proposed actions: RFC 6761 interim and next steps


Francisco Obispo wrote:
>
>> On May 26, 2015, at 3:33 PM, Paul Vixie <paul@redbarn.org
>> <mailto:paul@redbarn.org>> wrote:
>>
>> i also disagree. people don't know when something stops working, it just
>> makes their experience worse and they don't know why. the most likely
>> outcome is they'll just live in digital squalor.
>
> This is what I would like to quantify. Those people are probably
> already in digital squalor and they don’t know it. How can we
> improve that situation?

1. microsoft puts win/xp under f/oss; worldwide team launches bugfix jihad.
2. ITU treaty updated to require SAV; many undersea cables chopped.
3. CPE vendors learn about bufferbloat; FQ-Codel universally deployed.
4. social network industry announces IPv6-only as of December 2016;
worldwide V6 surge.
5. someone somewhere finally reads SAC064; wisdom ensues.

as you know, my list is actually much longer than that 5-item sample.

>
>> DITL happens to be representative. (you've operated f-root; you know
>> what the root servers see.) my take on the data is, .HOME, .CORP, and
>> .LOCAL are poisoned for all time, no further discussion needed.
>>
>
> I’m not discarding the DITL, it’s one good slice, but there is more
> that we don’t see, perhaps you have access to more information and
> have a more complete picture of it via DNSDB and other systems?
>
> Perhaps there is more room for additional studies / data and analysis?

well, yes. and if you, as a hobbyist/adventurer, wanted to spend unpaid
time away from your job and family, i'd be very happy to give you access
to the SIE DNS Errors and DNS Changes channels so that you can see what
i see and publish your findings if any.

>
>> to the extent that the new gTLD programme has any public benefit
>> purpose, that purpose must be balanced with digital public safety. if
>> there's a risk, then the risk is too high, because if there's a benefit,
>> the benefit is too low.
>>
>
> There is risk in not doing anything as well; how do we balance it?

your question begs for a simplistic answer like "first, do no harm."
however, i think there's a more nuanced view available: most code that
hasn't been upgraded in the last 15 years is on the 50-to-100 year
upgrade cycle, a lot of it is source-code-lost and authors-now-dead.
let's build a new secure V6 network that isolates those older nodes as
harmlessly as possible.

>
> I trust your judgement and respect your contributions, that’s not in
> question, I'm not against reserving some TLDs for local use (said it
> in my first email), my main concern is creating the illusion that by
> reserving those TLDs, we’ve solved the problem and create a false
> sense of safety. This is a multi-variable/multi-dimensional complex
> system, where there are pieces that neither IETF nor ICANN have
> control of.

on this, we agree.

-- 
Paul Vixie
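As an added illustration (not code from the thread or from any of its participants), here is a small resolver-log check that does on one network what the DITL analysis discussed above does at the root: it counts how many queries for names under .HOME, .CORP and .LOCAL are escaping toward the public DNS, and which clients send them. The BIND-style log lines, the client addresses and the watch list are constructed for the example.

```python
import re
from collections import Counter

# TLDs the thread calls out as leaking to the root servers (watch list built from the page).
LEAKING_TLDS = {"home", "corp", "local"}

# Constructed sample of resolver query-log lines in BIND's querylog format; not real DITL data.
SAMPLE_LOG = """\
27-May-2015 06:10:01.123 client 192.0.2.10#53412: query: printer.home IN A + (192.0.2.1)
27-May-2015 06:10:01.456 client 192.0.2.11#40211: query: fileserver.corp. IN A + (192.0.2.1)
27-May-2015 06:10:02.001 client 192.0.2.12#51000: query: www.example.com IN AAAA + (192.0.2.1)
27-May-2015 06:10:02.777 client 192.0.2.13#33001: query: laptop.LOCAL IN A + (192.0.2.1)
27-May-2015 06:10:03.010 client 192.0.2.10#53413: query: intranet.home IN A + (192.0.2.1)
27-May-2015 06:10:03.500 client 192.0.2.14#60000: query: mail.example.net IN MX + (192.0.2.1)
"""

# Pulls the client address, the queried name and the query type out of one log line.
QUERY_RE = re.compile(
    r"client (?P<ip>[\d.a-fA-F:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def tld_of(qname):
    """Return the rightmost label of a query name, lower-cased, ignoring a trailing dot."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1]


def leaked_queries(log_text):
    """Scan a query log and report leakage toward the watch-listed TLDs.

    Returns (per_tld_counts, per_tld_clients, total_queries) so the caller can
    see both how much is leaking and which hosts are responsible for it.
    """
    per_tld = Counter()
    clients = {}
    total = 0
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; skip without counting it
        total += 1
        tld = tld_of(m.group("qname"))
        if tld in LEAKING_TLDS:
            per_tld[tld] += 1
            clients.setdefault(tld, set()).add(m.group("ip"))
    return per_tld, clients, total


if __name__ == "__main__":
    counts, who, n = leaked_queries(SAMPLE_LOG)
    for tld, c in counts.most_common():
        print(f".{tld}: {c}/{n} queries from {sorted(who[tld])}")
```

Run against a real resolver's query log, the per-client sets are what an operator would use to find the CPE or host that should be answering these names locally instead of forwarding them upstream.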