Re: [dnsop] draft-krishnaswamy-dnsop-dnssec-split-view-03
Andrew Sullivan <andrew@ca.afilias.info> Thu, 24 August 2006 15:56 UTC
Date: Thu, 24 Aug 2006 11:15:08 -0400
From: Andrew Sullivan <andrew@ca.afilias.info>
To: dnsop@lists.uoregon.edu
Subject: Re: [dnsop] draft-krishnaswamy-dnsop-dnssec-split-view-03

On Wed, Aug 23, 2006 at 06:24:03PM -0400, Suresh Krishnaswamy wrote:
> added and portions moved to the appendix. I've also added some text
> to suggest that this document is more a "DNSSEC" split-views
> recommendation rather than a "DNS" split-views recommendation.

I continue to have a deep reservation about this document: the whole thing depends on something like a reasonable set of practices around split-view DNS. Indeed, it seems to me that all of section 3 amounts to a way to sneak that in through the back door.

Don't get me wrong: I'm not opposed, at least at first blush, to anything in section 3, and it seems to me to be a nice outline of what is needed. But the simple fact that the only reference in that section, in my quick reading, is to TSIG suggests to me that there is a set of practices that are either undocumented or else uncited, but which form the necessary condition for the practices outlined later in this document.

The above is the reason that I suggested just before the Montreal meeting that there are, in fact, two documents here. I appreciate that there is a certain vitriol that seeps out every time split-view DNS is discussed. But if we are not willing to come to some sort of consensus on what an "ordinary" split-view DNS operator ought to consider, I don't think we can seriously recommend anything for a split-view DNS operator to consider in the presence of DNSSEC. I don't know of any document that outlines what a split-view DNS operator ought to consider, and there isn't one listed in the references of this draft.

The alternative, of course, is to make this into a document about split-view generally, with a section that covers how it interacts with DNSSEC. (That seems to me to be a possibility, although it will of course make the document a little more complex.)

That said,

> I personally think that there is enough agreement within the working
> group that this topic, in general, is important.

I agree. I also think the draft is in general a good one. I just think that it either needs to be straightforwardly about split-view, or that it should depend on another document that is about "vanilla" split-view.

A

-- 
----
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<andrew@ca.afilias.info>                              M2P 2A8
                                        +1 416 646 3304 x4110