Re: [DNSOP] Closing out issues in draft-ietf-dnsop-resolver-priming

"Joe Abley" <jabley@hopcount.ca> Fri, 16 October 2015 14:27 UTC

From: Joe Abley <jabley@hopcount.ca>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Fri, 16 Oct 2015 10:27:27 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/FD_kScU_maLy0WPycqyLHZoI078>
Cc: dnsop WG <dnsop@ietf.org>


On 15 Oct 2015, at 20:06, Paul Hoffman wrote:

> The two open issues are in Section 4:
>
> 4.  Requirements for Root Name Servers and the Root Zone

I think it might be worth stepping up a level here and understanding 
what this document can reasonably specify.

2870 has long been recognised to be obsolete. The direction for fixing 
that (which, who knows, might actually result in action at some point) 
can be summarised as the union of draft-iab-2870bis (currently approved 
for BCP, sitting in the RFC Editor queue) and RSSAC-001 (currently 
waiting for 2870bis to be published).

The approach being taken is that the IETF provides protocol-level 
requirements, and RSSAC documents the operational expectations that are 
reasonable to have of root server operators.

Analogously, and relevant to this document, the contents of the root 
zone, the names of root servers, and the operational practicalities of 
the ROOT-SERVERS.NET zone (contents, and where it is hosted) are 
currently managed by the IANA Functions Operator under contract. RSSAC 
is currently working on analysis and advice to ICANN on the question of 
whether the current naming scheme could be improved upon.

This document, I believe, needs some revision to make sure it stays on 
the right side of the line between technical policy (from the IETF), 
administrative policy (from the IANA Functions Operator) and operational 
policy (from the root server operators, as documented by RSSAC).

So, for example:

> The operational requirements for root name servers are described in
> [RFC2870].  This section specifies additional guidance for the
> configuration of and software deployed at the root name servers.

I think this document needs to be clear that the requirements it is 
imposing on the system as a whole are protocol-level requirements, and 
not operational or administrative.

I am deliberately not suggesting edits to the current text or responding 
to the two issues you highlighted in this message; I think it's 
important to get consensus first about the scope of guidance that this 
document can provide.

To be clear, I think it's important and necessary that the priming 
process be documented; I just think we need to be careful that we do it 
from a protocol perspective.


Joe