Re: [DNSOP] Moving parent-child-update documents forward
joel jaeggli <joelja@bogus.com> Wed, 06 November 2013 21:16 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C76E121E81B1 for <dnsop@ietfa.amsl.com>; Wed, 6 Nov 2013 13:16:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JpHhxvZHRGby for <dnsop@ietfa.amsl.com>; Wed, 6 Nov 2013 13:15:52 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id B1BD421E8198 for <dnsop@ietf.org>; Wed, 6 Nov 2013 13:15:51 -0800 (PST)
Received: from wireless-a-1x-v6.meeting.ietf.org (wireless-a-1x-v6.meeting.ietf.org [IPv6:2001:67c:370:184:7406:1e61:90bd:621b] (may be forged)) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id rA6LFaCl030115 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 6 Nov 2013 21:15:37 GMT (envelope-from joelja@bogus.com)
Content-Type: multipart/signed; boundary="Apple-Mail=_3D543DB4-4C91-41D7-9B5A-52A05E58CCC2"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\))
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <527A90A1.1010903@teamaol.com>
Date: Wed, 06 Nov 2013 13:15:36 -0800
Message-Id: <6A53A798-17F3-4983-93BD-000EFB659A7E@bogus.com>
References: <CANdQK6Z6AD8RAkatTm=uzDzsBVNmQkbT5K=E9jaa0D5qagdHWA@mail.gmail.com> <527A90A1.1010903@teamaol.com>
To: Tim Wicinski <tim.wicinski@teamaol.com>
X-Mailer: Apple Mail (2.1816)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [IPv6:2001:418:1::81]); Wed, 06 Nov 2013 21:15:37 +0000 (UTC)
Cc: Dan York <dan-ietf@danyork.org>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Moving parent-child-update documents forward
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2013 21:16:08 -0000
On Nov 6, 2013, at 10:55 AM, Tim Wicinski <tim.wicinski@teamaol.com> wrote: > (I will speak only as myself for the moment ) > > I am in solid agreement that we need to move these documents forward. In Berlin, we sent back Wes, Warren and Olafur to resolve their differences, merge them (if possible) and present the various options. I've think they've done that and don't it admirably. I believe that we should call for adoption on these two documents: > > http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-05 > http://tools.ietf.org/html/draft-hardaker-dnsop-csync-01 > > As it was said, "Adoption does not mean it will get published." All the authors agree with this. I also feel that their is enough consensus to move on these. > > With Mark Andrew's document: > draft-andrews-dnsop-update-parent-zones-00 So a question I have here with respect to conversations between authors that I’ve heard… is the model more appropiate if the zone and corresponding number of updates is very large? > I agree with Dan here that we need some more time to see how this will work. A functional example perhaps or some more time and more eyeballs on it. I can see where both this and Wes's documents can work for different organizations. I don't think we're far enough along to pick A vs B but we are far enough along to adopt and move forward. > > Personally, I've been following dnsop and dnsext for many years. One thing I've felt is the turgid pace of document flow. I feel that we need to move things forward or decide why not and send them back. One of the things I want to do as co-chair is "step up the pace." From talking with folks on the committee, I have gotten the feedback this is needed. (If you think otherwise, please reach out to me directly). > > I serve at the whim of the AD, and to serve the community, and until my body is found in a dumpster, I'm working in a more forward direction. > > tim > > > On 11/6/13 5:49 AM, Dan York wrote: >> Peter & Tim, >> >> Unfortunately we ran out of time in the DNSOP session yesterday and I don't feel we left with a plan to move forward on the various "parent-child-update" documents and scenarios. However I think it is *critical* that we DO move forward with these documents as this issue is one of the big barriers for smoother operation of DNSSEC. >> >> I think there was a strong sense in the room that we definitely need to work on this overall issue and I think at the end we were getting hung up on some process points (and I admit that *I* was contributing to that confusion)... and then we simply ran out of time. >> >> What do you see as a path forward here? How can we progress these documents? >> >> The point I was trying to make in the final minutes was that we need something *more* than just these documents to help get these solutions actually out there and deployed. I think we need to provide operational guidance to registrars and registries on the different mechanisms for updating these type of DNS records and explain the options that we have available. We need to make it easy for them to understand how the mechanisms fit together and can be used in different situations. >> >> But I think that kind of document can be written separately from moving the other documents forward (and yes, I'm willing to help with text and not just say that "someone" should write a doc). >> >> I don't see why we can't adopt the CDS/CDNSKEY and CSYNC drafts as working group documents and continue to move them along - we've had significant discussion on these over the past several meetings and also on the lists: >> >> http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-05 >> http://tools.ietf.org/html/draft-hardaker-dnsop-csync-01 >> >> Similarly, I think Mark's draft could be another one to consider adopting for situations where people want to operate the push-style model: >> >> http://tools.ietf.org/html/draft-andrews-dnsop-update-parent-zones-00 >> >> I think we need some more discussion on that document before we adopt it (I haven't seen any on the list, or did I miss it?) but I don't see any issue with ALSO having a document like it as a working group document. There will be multiple models for different situations. >> >> Additionally, I think Paul's document on use cases is one that we should be bringing back into circulation (thanks, Matthijs, for the pointer after Paul mentioned it yesterday): >> >> http://tools.ietf.org/html/draft-wouters-dnsop-secure-update-use-cases-00 >> >> Anyway - I think we do need to move this whole area of work forward as rapidly as we can. >> >> My 2 cents, >> Dan >> >> -- >> Dan York, dan-ietf@danyork.org >> http://danyork.me http://twitter.com/danyork >> >> >> _______________________________________________ >> DNSOP mailing list >> >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] Moving parent-child-update documents forw… Dan York
- Re: [DNSOP] Moving parent-child-update documents … Andrew Sullivan
- Re: [DNSOP] Moving parent-child-update documents … Tim Wicinski
- Re: [DNSOP] Moving parent-child-update documents … joel jaeggli