Re: [DNSOP] Current DNS standards, drafts & charter

Ondřej Surý <ondrej@isc.org> Tue, 27 March 2018 07:49 UTC

Return-Path: <ondrej@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 238B212D872 for <dnsop@ietfa.amsl.com>; Tue, 27 Mar 2018 00:49:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id imfYGgbLgjyt for <dnsop@ietfa.amsl.com>; Tue, 27 Mar 2018 00:49:12 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9554212D877 for <dnsop@ietf.org>; Tue, 27 Mar 2018 00:49:12 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 1797E3AB044; Tue, 27 Mar 2018 07:49:12 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id AFEDE16003A; Tue, 27 Mar 2018 07:49:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 77B3516006A; Tue, 27 Mar 2018 07:49:11 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id QW95jFKjQOtn; Tue, 27 Mar 2018 07:49:11 +0000 (UTC)
Received: from [10.10.0.193] (40.20.broadband5.iol.cz [88.100.20.40]) by zmx1.isc.org (Postfix) with ESMTPSA id 894DC16003A; Tue, 27 Mar 2018 07:49:10 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Ondřej Surý <ondrej@isc.org>
In-Reply-To: <CA3D81B6-164F-4607-A7E6-B999B90C4DA8@gmail.com>
Date: Tue, 27 Mar 2018 09:49:07 +0200
Cc: dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <5852643C-B414-4C3E-A1B9-553054D3DD46@isc.org>
References: <20180326154645.GB24771@server.ds9a.nl> <CA3D81B6-164F-4607-A7E6-B999B90C4DA8@gmail.com>
To: Suzanne Woolf <suzworldwide@gmail.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hOm9MaQOtDol9Kua_2gL6MwaszI>
Subject: Re: [DNSOP] Current DNS standards, drafts & charter
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2018 07:49:16 -0000

Hi Suzanne,

> If the WG feels that the previous view of how DNSOP should work has been overtaken by events, we can certainly work with our Area Director (hi Warren!) on a revised charter.


I strongly believe that any work on cleaning up DNS protocol and/or rewriting RFC1034/RFC1035 and associated document would need a new WG with tightly defined charter.

Hence, I will not request or I won’t support adopting my deprecating-obsolete-rr-types as a WG document - it might become one of the first documents for new WG, or it might end up as individual submission. While this work might be considered as “protocol maintenance”, I think it is bigger then simple protocol maintenance.

Again, from experience from dnsext, I would strongly suggest that any work in this area is split into CHANGE documents and REWRITE documents, with strict scope. Documents rewriting existing RFCs while adding more stuff at the same time tend to not reach the finish line.

Ondrej
--
Ondřej Surý
ondrej@isc.org

> On 27 Mar 2018, at 01:26, Suzanne Woolf <suzworldwide@gmail.com> wrote:
> 
> Hi all,
> 
> First, thanks for running with this.
> 
> Top-posting a couple of process observations:
> 
> First, the chairs are always open to discussion of what documents belong in the WG, interpretation/revision of our charter, etc. There’s a certain amount of process to be observed, especially if we want to revise our charter, but nothing unmanageable; it’s the chairs’ job to make process work for the WG rather than the other way around.
> 
> The current DNSOP charter was deliberately written to be flexible in what we could work on. Normally an IETF WG is chartered to perform a fairly tightly constrained piece of work and then either re-charter to an equally specific next work item, or shut down. But part of the purpose of keeping DNSOP around in a slightly more open-ended fashion was that the community seemed to believe that major protocol work on DNS was done, but there would still be pressure to provide for small tweaks on the wire and review Informational documents on operational practice such as DNSSEC maintenance.
> 
> Since then, a couple of pieces of work with significant protocol implications have gotten some initial review in DNSOP, and then moved to new WGs such as DPRIVE. Most of the documents DNSOP publishes are standards track only for procedural reasons— implementing them is strictly optional for interoperability on the public internet— or are informational.
> 
> If the WG feels that the previous view of how DNSOP should work has been overtaken by events, we can certainly work with our Area Director (hi Warren!) on a revised charter.
> 
> Given the deliberately loose boundaries on the current charter, we can adjust what we’re doing instead of (or during) the formal process of revising it. The charter we have doesn’t obligate us to adopt any particular work item, or to pursue one that’s been adopted but that the WG finds it doesn’t want to pursue after all. 
> 
> In my own strictly subjective impression, some of what we’re publishing is first written as an internet-draft….but some is implemented first in the field and then brought back to the IETF to be documented in an informational RFC so other implementers can write compatible behavior into their software, or so operators who want to use a particular feature can figure out how (*lots* of DNSSEC docs), or operators who don’t want to use a particular feature can (relatively) easily find ways around it. 
> 
> The pressure to standardize extensions to the DNS actually seems lower in the last few years, because both the RRtype registry and the EDNS opt registry policies are expert review rather than standards action. However, the tendency to desire DNS-over-new-transport is recent. So is DPRIVE. So are the assorted optimizations used by CDN operators such as serve-stale and client-subnet.
> 
> It’s also worth noting that many WG participants (operators and implementers alike) have argued over the years that having the IETF refuse to publish an RFC does nothing to discourage people from inventing and fielding new features, it just makes it harder to find out what they’re doing— whether you want to interoperate with them or simply avoid them. So for novel uses of RRtypes or EDNS options, we’ve tended to encourage people who already had acquired code points in the registry to document what they’re doing with them (see RFC 7871 on client-subnet, which had a code point and was in widespread use and *then* was brought to DNSOP).
> 
> Serious question: should we be encouraging people to document these optional extensions in RFCs?
> 
> A couple more points inline:
> 
> 
>> On Mar 26, 2018, at 11:46 AM, bert hubert <bert.hubert@powerdns.com> wrote:
>> 
>> I am optimistic that if we had a better 'hello, and welcome to DNS' document
>> we could point to, implementations would get better.  Or if they didn't, we
>> could at least point at that document and blame them for not reading it. 
>> This may prevent implementations that get confused if they get anything
>> other than an A query.
>> 
>> So my first suggested action is: could we write a document that has a core
>> introduction of DNS and then provides a recommended (not) reading list.
> 
> As discussed at the mic last Tuesday, I believe this is where DNSEXT got hung up, too: it’s likely to be hard work (given the effort that’s gone into just the terminology documents) and may not be considered the best use of people’s time by their assorted funding sources.
> 
> Earnest question, for discussion: should this document be an RFC, produced in the IETF? (I can see arguments both ways).
> 
> While we ponder this, there’s nothing to prevent anyone from posting a rudimentary internet-draft for consideration. 
> 
>> 
>> Secondly, what we've been doing already, is grouping the various standards
>> in categories.  Read this if you are doing X.  This could go in the first
>> document.
>> 
>> Thirdly, this may lead to a category of RFCs that you might be better off
>> not reading or implementing. I don't know if writing a draft that
>> specifically obsoletes record types or features that are never used is
>> helpful. In fact, adding MORE documents to the pile (even if meant to make
>> life easier) may be counterproductive. But simply noting that something
>> should not be implemented anymore would do rhe trick.
> 
> There are process rules around obsoleting or updating an RFC with a new one. They’re not onerous. But for the older RFCs, this could be more complicated than it sounds; a patch is going to be much harder to write than new text in several cases. (I saw a plan once to update RFC 2181 that involved six new documents; each would update or obsolete one section.)
> 
>> 
>> Fourthly, on the currently active drafts aiming to become Internet Standards
>> (with page numbers):
>> 
>> DNS Multiple QTYPEs 6
>> Secret Key Transaction Authentication for DNS (TSIG)	21
>> Address-specific DNS Name Redirection (ANAME)	11
>> C-DNS: A DNS Packet Capture Format	58
>> Extended DNS Errors	8
>> A Root Key Trust Anchor Sentinel for DNSSEC	14
>> Let 'localhost' be localhost.	9
>> Providing Minimal-Sized Responses to DNS Queries that have QTYPE=ANY	10
>> Security Considerations for RFC5011 Publishers	18
>> Serving Stale Data to Improve DNS Resiliency	9
>> DNS Stateful Operations	49
>> BULK DNS Resource Records	14
>> A DNS Query including A Main Question with Accompanying Questions	10
>> Returning extra answers in DNS responses.	8
>> 
>> These represent 245 pages of new reading material, or an increase of over
>> 10% on the already impressive list of DNS standards.
>> 
>> I did a cursory read of the DNSOP charter, and I think at least some of
>> these drafts do no not fall under even a very broad interpretation of our
>> remit.
> 
> Not all of these are WG documents (“candidate” just means someone has asked; bulk-rr for instance), and see above on the charter. 
> 
> The chairs don’t adopt documents we believe are off-charter, and would hope for pushback from the WG or our AD if we did. 
> 
> But in the context of the “Camel Problem,” arguing about the charter seems less useful than asking ourselves if we’re having second thoughts about the usefulness of documents the WG has adopted, or been asked to adopt. 
> 
> (This is long enough already, so further thoughts as the thread evolves. I do think it’s important to pursue the discussion.)
> 
> 
> Best,
> Suzanne
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop