Re: [DNSOP] draft-ietf-dnsop-kskroll-sentinel-07

Frederico A C Neves <fneves@registro.br> Fri, 23 March 2018 18:15 UTC

Date: Fri, 23 Mar 2018 15:15:05 -0300
From: Frederico A C Neves <fneves@registro.br>
To: Paul Vixie <paul@redbarn.org>
Cc: Joao Damas <joao@bondis.org>, Ondřej Surý <ondrej@isc.org>, dnsop <dnsop@ietf.org>, "Wessels, Duane" <dwessels@verisign.com>

Paul,

On Fri, Mar 23, 2018 at 11:00:03AM -0700, Paul Vixie wrote:
> i'm concerned about the age-old human protocol being employed here.
> 
> first one guy shouts bikeshed! (usually somebody who's been bikeshedding.)
> 
> nextly, some folks say "the details don't matter, only uniqueness."
> 
> then there's a bunch of back and forth about whether and which details 
> matter.
> 
> then there's a lot of folks saying, "personally i would go with..." or 
> "i prefer ..." or "my vote is for..."
> 
> then somebody inevitably says "this is taking too long, let's just pick 
> something."
> 
> it's how ipv6 and dnssec were standardized, with sweepingly bad results 
> that our great grandchildren will no doubt shake their heads about, in 
> wonder.
> 
> i request a different protocol.
> 
> can the co-chairs convene a design team made up of people from each camp 
> named above, and lock them in a room and shove pizza under the door 
> until they have a proposal that can be accepted on its _merits_?
> 

This doesn't seem to be the case. The document has been reviewed by
the WG for a while and just adjusting the label and the document's
name, closing their use only for the root, is a good move.

This expansion in scope was included in the beginning of the
discussion just to make the point that the root is not different from
any other zone and this mechanism could be expanded for other
cases... perfect and over-engineered. The reality is this is only
needed for the root that has no parent. Please, no one start the
argument of locally configured anchors for any zone down the tree. If this is
the case for an enterprise or Mil. network they have their ways of
controlling/distributing those anchors.

The document is good on its own merits.

> vixie

Fred

> re:
> 
> Joao Damas wrote:
> > I am happy with whatever the wg agrees but let’s agree, otherwise time keeps sliding and the only label that is going to be accurate for the next generations will be “ksk-roll-that-never-was” ;)
> >
> > Joao
> >
> >> On 23 Mar 2018, at 16:13, Ondřej Surý<ondrej@isc.org>  wrote:
> >>
> >> I also prefer #2
> >>
> >> Personally, I would go with rzksk-sentinel because it’s shorter and more accurate, but #2 will make me happy.
> >>
> >> Ondrej
> >> --
> >> Ondřej Surý — ISC
> >>
> >>> On 23 Mar 2018, at 15:20, Wessels, Duane<dwessels@verisign.com>  wrote:
> >>>
> >>>
> >>>> On Mar 23, 2018, at 5:13 AM, Warren Kumari<warren@kumari.net>  wrote:
> >>>>
> >>>> Dear DNSOP,
> >>>>
> >>>> Please clearly express a preference for:
> >>>> 1: Keeping the current label -- kskroll-sentinel-is-ta-20326.example.com
> >>>> 2: Changing it to the new label -- root-key-sentinal-is-ta-20326.example.com
> >>>>
> >>> I prefer #2.
> >>>
> >>> DW
> >>>
> >>> _______________________________________________
> >>> DNSOP mailing list
> >>> DNSOP@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/dnsop
> >
> 
> -- 
> P Vixie
> 