Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

Warren Kumari <warren@kumari.net> Fri, 23 March 2018 11:08 UTC

From: Warren Kumari <warren@kumari.net>
Date: Fri, 23 Mar 2018 11:08:02 +0000
Message-ID: <CAHw9_iJM4nZyoytk7xgY_OzU9c7BCEpO4O+Jex9g6A58XYREGw@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: Geoff Huston <gih@apnic.net>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MTOBBBSUXs52Nm62l_GxGjJWZR4>
Subject: Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

On Fri, Mar 23, 2018 at 10:07 AM, Mark Andrews <marka@isc.org> wrote:
> Geoff you are wrong. Titles should tell you what you are about
> to read especially technical documents. There are WAY TOO MANY
> RFCs TO READ EVERY ONE OF THEM.

... you lack ambition :-P

>
> If I had a TA for andrews.wattle.id.au the current title would
> indicate that I could test resolvers to see if there is a TA
> installed for it.
>
> The current draft *is not* generic.  It is root TA specific.
> That needs to be reflected in the title.
>
> As for the label it can be used for more than rolling KSKs.
> It can be used to see what resolvers are supporting new TA
> *when you are not rolling keys*.  The current name reflects
> *one* use, not all uses.

True, it does reflect one use case, not all -- however, we have
already changed the name multiple times and implementers are
(understandably) becoming annoyed, and supporting N different labels
for the tester is also annoying [0].

How about a compromise - we update the draft name, but keep the label
the same - the only people who likely care about the label are
implementers and testers - once someone sees the name they will read
the doc and quickly discover how it can be used.

W



>
> Mark
>
>> On 23 Mar 2018, at 8:21 pm, Geoff Huston <gih@apnic.net> wrote:
>>
>>
>>
>>> On 23 Mar 2018, at 12:55 am, Mark Andrews <marka@isc.org> wrote:
>>>
>>> This title of this document DOES NOT match reality.
>>>
>>> "A Sentinel for Detecting Trusted Keys in DNSSEC” should be
>>> replaced by “A Root Key Trust Anchor Sentinel for DNSSEC”.
>>>
>>> kskroll-sentinel-<what>-<id> really needs something other
>>> than “kskroll” as the first field.  “root-key-sentinal-<what>-<id>”
>>> really more clearly matches what it does.
>>>
>>> Any other changes that follow from these two changes
>>>
>>
>> I personally think this is getting into bike shedding at this point.
>>
>> The title of the document is an adequate description of the content
>> and folk who want to know more should read the document, not guess
>> from the title!
>>
>> The label is a piece of syntactic convenience and is entirely
>> arbitrary. We could start an almost infinite discussion thread
>> over which label is better, but in the end it's just a label.
>>
>>
>> regards,
>>
>>    Geoff
>>
>>
>>
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf