Re: [DNSOP] Working Group Last Call for: draft-ietf-dnsop-kskroll-sentinel

[Warren Kumari <warren@kumari.net>]

On Fri, Apr 6, 2018 at 5:49 PM, Suzanne Woolf <suzworldwide@gmail.com> wrote:
> Hi,
>
> Thanks all for vigorous discussion, but I think it would be helpful to separate comments on draft-ietf-dnsop-kskroll-sentinel from general comments on WG guidelines for future documents.
>

Yup, I fully agree -- these have become conflated. (This drove the
irritated tone of my prior email.)

>> On Apr 6, 2018, at 9:45 AM, Job Snijders <job@ntt.net> wrote:
>>
>>
>> On Fri, Apr 06, 2018 at 08:37:15AM -0400, Warren Kumari wrote:
>>> I'm (of course) fine if the WG / chairs decide that DNSOP needs
>>> implementations before progressing documents, but your wording makes
>>> it sound like you believe this this is already the case, and not
>>> simply your (strong) preference.
>>
>> I am aware DNSOP does not have a policy of requiring implementations,
>> and I find this lack of policy regrettable. I believe this document is
>> not ready for WGLC, for the reasons I listed.
>
> The fact that we don’t have a rule about all documents doesn’t mean an issue can’t be raised about a specific document.

Yup, and they have been raised about this document.

>
> While it’s often disappointing to editors when the WG raises significant issues in WGLC, that’s kind of what WGLC is for.
>
> We’re hearing that having an RFC will be helpful to promoting implementation, and also that this draft may not be ready to be advanced for publication because it doesn’t include implementation experience.

Yeah, it is disappointing, but the authors are big boys and girls, and
after sobbing into our pillows for a little bit we'll be okay... :P

It seems to me that there is a fairly strong signal from the WG for
*this* document should have an implementation section -- speaking only
for myself, this seems like a reasonable request.

Again, for *this* document I understand that the WG wants an
implementation section, and so we should add one - I'm not sure we'd
be able to have that done by April 19th, and so I'm not sure if the
chairs want to consider pausing the WGLC.

> This is something the WG needs to comment on further, because it seems substantive to me so it will have to be addressed one way or another before we advance the document— but those inputs are somewhat in disagreement.
>
> Editors: Please take “concern about a description of current implementation status” as WGLC input, and consider what you might be able to add to the draft to address it.
>
> WG vendors/implementers: Can folks who have implemented kskroll-sentinel, or considered implementing it, please speak up on your concerns/plans?

Yup, that would be helpful  - bits I know of are that Knot has an
implementation based on an earlier version (with a different label),
and Petr says that it will be some time before they are able to update
it; I've never touched Lua, if I get a chance I might try patch their
implementation with the new strings ("Hold my beer" / "How hard can it
be?")).
I think I heard that ISC was considering adding support, but was
planning on waiting till RFC / some sort of LC.

On the "other" side of this there are a few "client" implementations
-- the infamous ksk-test.net, Ray Bellis has
http://www.bellis.me.uk/sentinel/, and Paul Hoffman also has code
(which I have embarrassingly misplaced).

Once we have more details, these could be folded into the
implementation section...

W

>
>
> Thanks,
> Suzanne (&Tim)
>
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf