Re: [DNSOP] Moving parent-child-update documents forward
Tim Wicinski <tim.wicinski@teamaol.com> Wed, 06 November 2013 18:56 UTC
Return-Path: <tim.wicinski@teamaol.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E07A911E816F for <dnsop@ietfa.amsl.com>; Wed, 6 Nov 2013 10:56:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.366
X-Spam-Level:
X-Spam-Status: No, score=-2.366 tagged_above=-999 required=5 tests=[AWL=0.232, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9THGS48GaTiX for <dnsop@ietfa.amsl.com>; Wed, 6 Nov 2013 10:55:54 -0800 (PST)
Received: from omr-m08.mx.aol.com (omr-m08.mx.aol.com [64.12.222.129]) by ietfa.amsl.com (Postfix) with ESMTP id D3E8211E80D9 for <dnsop@ietf.org>; Wed, 6 Nov 2013 10:55:35 -0800 (PST)
Received: from AOLDTCMEI34.ad.aol.aoltw.net (aoldtcmei34.office.aol.com [10.180.121.151]) by omr-m08.mx.aol.com (Outbound Mail Relay) with ESMTP id 90BD37014C478; Wed, 6 Nov 2013 13:55:31 -0500 (EST)
Received: from tjw.local (172.17.8.193) by AOLDTCMEI34.ad.aol.aoltw.net (10.180.121.151) with Microsoft SMTP Server id 14.3.123.3; Wed, 6 Nov 2013 13:55:30 -0500
Message-ID: <527A90A1.1010903@teamaol.com>
Date: Wed, 06 Nov 2013 10:55:29 -0800
From: Tim Wicinski <tim.wicinski@teamaol.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:25.0) Gecko/20100101 Thunderbird/25.0
MIME-Version: 1.0
To: Dan York <dan-ietf@danyork.org>, dnsop@ietf.org
References: <CANdQK6Z6AD8RAkatTm=uzDzsBVNmQkbT5K=E9jaa0D5qagdHWA@mail.gmail.com>
In-Reply-To: <CANdQK6Z6AD8RAkatTm=uzDzsBVNmQkbT5K=E9jaa0D5qagdHWA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------080001090703020106050001"
X-Originating-IP: [172.17.8.193]
Subject: Re: [DNSOP] Moving parent-child-update documents forward
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 18:56:16 -0000
(I will speak only as myself for the moment ) I am in solid agreement that we need to move these documents forward. In Berlin, we sent back Wes, Warren and Olafur to resolve their differences, merge them (if possible) and present the various options. I've think they've done that and don't it admirably. I believe that we should call for adoption on these two documents: http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-05 http://tools.ietf.org/html/draft-hardaker-dnsop-csync-01 As it was said, "Adoption does not mean it will get published." All the authors agree with this. I also feel that their is enough consensus to move on these. With Mark Andrew's document: draft-andrews-dnsop-update-parent-zones-00 I agree with Dan here that we need some more time to see how this will work. A functional example perhaps or some more time and more eyeballs on it. I can see where both this and Wes's documents can work for different organizations. I don't think we're far enough along to pick A vs B but we are far enough along to adopt and move forward. Personally, I've been following dnsop and dnsext for many years. One thing I've felt is the turgid pace of document flow. I feel that we need to move things forward or decide why not and send them back. One of the things I want to do as co-chair is "step up the pace." From talking with folks on the committee, I have gotten the feedback this is needed. (If you think otherwise, please reach out to me directly). I serve at the whim of the AD, and to serve the community, and until my body is found in a dumpster, I'm working in a more forward direction. tim On 11/6/13 5:49 AM, Dan York wrote: > Peter & Tim, > > Unfortunately we ran out of time in the DNSOP session yesterday and I > don't feel we left with a plan to move forward on the various > "parent-child-update" documents and scenarios. However I think it is > *critical* that we DO move forward with these documents as this issue > is one of the big barriers for smoother operation of DNSSEC. > > I think there was a strong sense in the room that we definitely need > to work on this overall issue and I think at the end we were getting > hung up on some process points (and I admit that *I* was contributing > to that confusion)... and then we simply ran out of time. > > What do you see as a path forward here? How can we progress these > documents? > > The point I was trying to make in the final minutes was that we need > something *more* than just these documents to help get these solutions > actually out there and deployed. I think we need to provide > operational guidance to registrars and registries on the different > mechanisms for updating these type of DNS records and explain the > options that we have available. We need to make it easy for them to > understand how the mechanisms fit together and can be used in > different situations. > > But I think that kind of document can be written separately from > moving the other documents forward (and yes, I'm willing to help with > text and not just say that "someone" should write a doc). > > I don't see why we can't adopt the CDS/CDNSKEY and CSYNC drafts as > working group documents and continue to move them along - we've had > significant discussion on these over the past several meetings and > also on the lists: > > http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-05 > http://tools.ietf.org/html/draft-hardaker-dnsop-csync-01 > > Similarly, I think Mark's draft could be another one to consider > adopting for situations where people want to operate the push-style model: > > http://tools.ietf.org/html/draft-andrews-dnsop-update-parent-zones-00 > > I think we need some more discussion on that document before we adopt > it (I haven't seen any on the list, or did I miss it?) but I don't see > any issue with ALSO having a document like it as a working group > document. There will be multiple models for different situations. > > Additionally, I think Paul's document on use cases is one that we > should be bringing back into circulation (thanks, Matthijs, for the > pointer after Paul mentioned it yesterday): > > http://tools.ietf.org/html/draft-wouters-dnsop-secure-update-use-cases-00 > > Anyway - I think we do need to move this whole area of work forward as > rapidly as we can. > > My 2 cents, > Dan > > -- > Dan York, dan-ietf@danyork.org <mailto:dan-ietf@danyork.org> > http://danyork.me http://twitter.com/danyork > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] Moving parent-child-update documents forw… Dan York
- Re: [DNSOP] Moving parent-child-update documents … Andrew Sullivan
- Re: [DNSOP] Moving parent-child-update documents … Tim Wicinski
- Re: [DNSOP] Moving parent-child-update documents … joel jaeggli