IETF Logo Mail Archive

Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

David Conrad <drc@virtualized.org> Thu, 08 October 2015 17:06 UTC

Return-Path: <drc@virtualized.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F3D81ACE61 for <dnsop@ietfa.amsl.com>; Thu, 8 Oct 2015 10:06:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q4yhTvCcO84H for <dnsop@ietfa.amsl.com>; Thu, 8 Oct 2015 10:06:51 -0700 (PDT)
Received: from mail-pa0-f42.google.com (mail-pa0-f42.google.com [209.85.220.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1BFA1AC399 for <dnsop@ietf.org>; Thu, 8 Oct 2015 10:06:51 -0700 (PDT)
Received: by pacex6 with SMTP id ex6so60179328pac.0 for <dnsop@ietf.org>; Thu, 08 Oct 2015 10:06:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:content-type:from :in-reply-to:date:cc:message-id:references:to; bh=M4rQElwkRzAkqi6J4b9w1HygUyKkF6yDyTFi8grvZ5A=; b=GUjwwq//bJwXtMwIWWMPxz+NsuV1kEEk5MzCqL0Yflx7j+92RdOujagJCVkphuIRZz xpIXwIYI0N5TKMpWzW8iHTDBceUFfswOcgSYZZfdDm+PB3Iq+tcUt0usg8SDRdqhHbmc ihoEmTn9aKoMeL3FvCiii0wlPGZZljU4DuFQ33e6u7yYIhuYTt6f+oiQmhQc7gD2mGpG UBp5tXmUVnp1sEdDVUVqChvH14o6EqVNvAhwAtMUqti3La60P7mH4xdkqh9arWn0z6UL 7pN/VXw+RCSJ1q0hVKXhlGK+MHs0yqljqvbNaP8luwKeBeqMVEgN9Y+61VTDRGVHp265 iVBQ==
X-Gm-Message-State: ALoCoQnIi7L98I/XpLoICpCumnAZbj92qDj8MeJYZFRHy4phhhj4Btq1JJBxNkAj3jiAiIV7Wf84
X-Received: by 10.66.140.70 with SMTP id re6mr9358050pab.31.1444324011122; Thu, 08 Oct 2015 10:06:51 -0700 (PDT)
Received: from [10.0.0.18] (c-50-184-24-209.hsd1.ca.comcast.net. [50.184.24.209]) by smtp.gmail.com with ESMTPSA id uc1sm46740064pab.20.2015.10.08.10.06.49 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 08 Oct 2015 10:06:49 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Content-Type: multipart/signed; boundary="Apple-Mail=_BF914E92-1C66-486E-972E-895B8E574E83"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5.1
From: David Conrad <drc@virtualized.org>
In-Reply-To: <20151008164015.GJ17602@mx2.yitter.info>
Date: Thu, 08 Oct 2015 10:06:47 -0700
Message-Id: <4BC462D4-F6B9-4AB1-A021-234218072562@virtualized.org>
References: <20150928155325.GA63874@gaon.net> <20150929095301.32c3e6a3@casual> <13F1D87F-1C07-40EB-86B0-564C4109C9B0@virtualized.org> <1973252D-924F-4EF1-A38F-5EC01AD331F6@gmail.com> <FDD04DCC-59C5-41F5-8CAF-1EF31CD65A34@virtualized.org> <63E1E01E-C172-4A0F-B434-F796546BB657@gmail.com> <C4FA9FA6-76E3-4FF3-862B-C5C0DF75C761@kirei.se> <D1C15986-603E-4932-B551-0497638D9849@vpnc.org> <02869F43-87A4-4797-8FD3-276C02DF665D@kirei.se> <EEA946B1-8BF3-4AB7-99D2-4C8CDCCF0EC0@vpnc.org> <20151008164015.GJ17602@mx2.yitter.info>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/L057Lj9AMdLmGcaKqqUz0q_6C8c>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2015 17:06:53 -0000

Hi,

> On Oct 8, 2015, at 9:40 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
> 
> On Mon, Oct 05, 2015 at 09:39:06AM -0400, Paul Hoffman wrote:
>> Fully agree. That is why this should not be an IETF document, and instead it
>> should be written and published by the organization that is responsible for
>> the formats and publication methods.
> 
> I don't really care how this happens, but I note that both previously
> and currently staff of that organization seem to use the RFC series to
> publish technical specification documents.  Generally policy documents
> don't get published as RFCs, but other documents do.
> 
> I am not too sure I see why it'd be helpful to create a completely new
> publication mechanism for such specifications from ICANN.

Speaking only for myself (which I presume is the case for anyone discussing IETF-related goop)...

I'd like to try to get away from the "I" word, err... acronym, as that seems to cause some people to knee-jerk in unhelpful ways.

If I can generalize a bit:

There is a file. A bunch of independent people want to use the contents of that file. They also want some level of assurance (not absolute) that The Bad Guys haven't mucked with the contents of that file. The folks who currently generate the file do a bunch of things to provide some level of assurance that most (not all) folks think provide a useful level of assurance.

Now, in order for the independent people to verify the contents of the file, the folks who _currently_ generate the file need to publish the things they do. The folks who _currently_ generate the file could publish the things they do on their website, but the folks _currently_ generate the file may not do so in the future and the independent people would then have to worry about whoever takes over the role of generating the file will change things in non-backwards compatible ways, resulting in much gnashing of teeth.

So instead of the folks who _currently_ generate the file publishing stuff on their own website, they turn to a neutral, third party, voluntary standards development organization and say "hey, this is how we provide some level of assurance for the content of the file a bunch of independent folk care about. We'd like to turn it into one of your standards, any thoughts?" If the standards development organization accepts this, it means the folks who _currently_ generate the file won't pull the rug out from under the independent folks who use the file (not that they would, but having the assurance that they won't is often helpful in convincing developers to use the file). It also means if/when the folks who generate the file change, the new folks who generate the file will have a standard to conform to.

This strikes me as a good thing.  It also implies that people in the standards development organization can change how the file is secured and that's OK, because the folks who _currently_ generate the file go to great lengths to try to get input from "the community" (whatever that is) and that input is actually welcomed.

What am I missing?

Thanks,
-drc

v2.23.0 | Report a Bug | By Email