Re: [DNSOP] [art] draft-ietf-dnsop-attrleaf

Dave Crocker <dhc2@dcrocker.net> Thu, 03 August 2017 22:36 UTC

Return-Path: <dhc2@dcrocker.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5869F131CF1 for <dnsop@ietfa.amsl.com>; Thu, 3 Aug 2017 15:36:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eFtMyaMYQS8y for <dnsop@ietfa.amsl.com>; Thu, 3 Aug 2017 15:36:31 -0700 (PDT)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9131131D21 for <dnsop@ietf.org>; Thu, 3 Aug 2017 15:36:31 -0700 (PDT)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id v73Mavov023984 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for <dnsop@ietf.org>; Thu, 3 Aug 2017 15:36:57 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1501799817; bh=fnmOX2zimLcX2gDfTFjBOGICPXdKQjhXXLdyJt1RwSU=; h=From:Subject:Reply-To:To:References:Date:In-Reply-To:From; b=pe8Mo85cDZoEHVy186dmt4R++nOM3vTxnfT5ouahtMy+yKwv5EDl7fo66oUjFAXg9 r64o1IAucmci6EzyBwJrJ/Y8Md9YRGbjevea3VHugD8Fl5DnoxclA/tkatzNxVZX7k cZBkLLaE7DMZg9ti5PqvYa2NfAkkHzthm4MRGeB0=
From: Dave Crocker <dhc2@dcrocker.net>
Reply-To: dcrocker@bbiw.net
To: dnsop <dnsop@ietf.org>
References: <CADyWQ+HiVOz1zrhNeEYnzy4hryrhFu+v5GNWqcXdOqQBeB9Cig@mail.gmail.com> <9fc7ff7d-9f5a-ce2b-9fb1-e9b1c9eb0108@nostrum.com>
Organization: Brandenburg InternetWorking
Message-ID: <94641677-d072-3462-1c72-ab203c553eef@dcrocker.net>
Date: Thu, 3 Aug 2017 15:36:24 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <9fc7ff7d-9f5a-ce2b-9fb1-e9b1c9eb0108@nostrum.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FXq6b1x0mOehnT5i4jFuAMwUP8s>
Subject: Re: [DNSOP] [art] draft-ietf-dnsop-attrleaf
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 22:36:33 -0000



Howdy.

(I posted this on the ART list, yesterday, because Tim started a query 
about attrleaf there, but the note should probably also be posted at the 
attleaf hosting wg list.  /d)



I've been mulling over the challenges of this registration topic for 
more than a decade, constantly being hoisted on the petard of 
established practice...

First, underscores can be used for multiple levels of node name.  Trying 
to deal with that fully, in a single spec produced an especially 
confused draft, roughly 10 years ago.  More recently it became clear 
that this is best handled by the described simplification the spec now 
declares -- essentially distinguishing between 'top-level' underscore 
names and separately deal with those below.  But, as you note, this is 
not fully or adequately implemented in the latest versions of the draft. 
  But I'll leave details about further fixes for that, for the moment, 
because...

Second, and much worse, is that the original documentation of underscore 
use created an inherently-problematic arrangement:  Attempting to 
synthesize some of the registration by incorporating entries in 
independent registration tables documented in SRV and URI 
specifications.  The semantics therefore would mean there would be more 
than one 'authority' for name registration.  This is a registration 
model designed to produce collisions.

Efforts have been to retrofit an administrative model that accommodated 
this, where the idea of real-time conflict detection and resolution -- 
by infinitely diligent and perfectly perceptive -- IANA staff is one of 
the more recent suggestions.  Unfortunately, there is an essential and 
practical difference between 'excellent' and 'perfect', where the latter 
is an inappropriate goal for human performance.

I've come to the conclusion that "accommodating" the established 
registration practices is a fundamentally wrong path.  The only way to 
solve a problem of multiple registration authorities is to create a 
single registration authority.

That is, the right path is to create a simple and obvious registration 
model, and, separately, go back and fix the problematic documents.

Therefore I propose to:

    1. Have this document define the simple, sole, authoritative 
mechanism for registering "top-level" (global scope) underscore names.

    2. Create a separate document that specifies modifications to the 
SRV and URI documents, rationalizing the use of underscore names, 
through the mechanism defined in -attrleaf-.


Thoughts?


d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net