[DNSOP] Re: [Ext] Re: Call for Adoption: draft-davies-internal-tld

Joe Abley <jabley@strandkip.nl> Thu, 24 April 2025 16:50 UTC

Replying to myself, hooray,

On 23 Apr 2025, at 18:16, Joe Abley <jabley@strandkip.nl> wrote:

> I was a member of SSAC at the time SSAC made its recommendation to the ICANN board, but I was not one of the people who contributed significantly to the document as far as I remember, so be aware (as usual!) that everything I say may be nonsense.
> 
> I think the SSAC document does not discuss or propose an insecure delegation from the root zone in order to avoid the advice to the board being complicated by conflicts with existing root zone management (both in the general sense and in the sense of RZM, the software used to manage delegations from the root zone).

Some kind people reminded me of events of the past, so in case it's interesting...

It turns out that the SSAC work party responsible for that document did indeed decide not to recommend an insecure delegation for the reason above, and so it's definitively not the case that people didn't think of it or think that it was a good idea to recommend it.

I was one of the people that thought it was better not to include that specific recommendation, for the reason above, and in fact I said so loudly and stubbornly at the time. I had just forgotten.

I still think this was a reasonable recommendation to drop, and I still think that the resulting resolution shouldn't stand in the way of any particular technical implementation of the document's overall recommendation. People shouldn't read too much into the word "delegation" just because they're used to seeing it through a DNS lens. It definitely has other meanings in the context of the policies surrounding root zone management.


Joe