Re: [DNSOP] Review of draft-livingood-dns-redirect-00

Suzanne Woolf <woolf@isc.org> Thu, 16 July 2009 16:14 UTC

On Wed, Jul 15, 2009 at 09:16:06PM +0200, Roy Arends wrote:
> If you want a real analogy, think alternative roots. From the user's
> perspective, that is what is happening here: an alternative namespace
> is created. Would we have a discussion at all if this perspective was
> used?

Yes, we would.

Well, maybe not "we" who have been contributing to this discussion on
this list. But I've observed that telling people something they want
to do is "evil" doesn't really help them decide not to do it. Telling
them what harm will be done, or telling them that there's a better way
to accomplish their business or operational objectives, is often more
productive.

I find myself in discussions of alternate roots on a regular basis.
The most effective ones neither begin nor end with anyone being
accused of anything except trying to meet legitimate objectives by the
most effective means available. I'll go further and say that most of
the time, they'd even prefer to minimize harm to others along the
way. Even when the discussion is a disguise for an extortion play
("Give us what we want or we'll take our toys and go home"), asserting
that the subject is not even to be raised merely gives it more power
as a threat.

Some people are going to read an informational RFC documenting use
cases and mechanisms for DNS redirect as endorsement by the IETF. I
submit, however, that the same people were going to do it anyway,
probably in ignorance that there was any particular downside to it or
really with any more knowledge about it than they get from their
vendors.

> I would like to see some guidance from the WG chairs here. What is the
> next step? In lieu I propose the following: [1] Gauge consensus about
> adopting draft-livingood-dns-redirect-00 as a WG document. [2] If this
> draft is not adopted, we should at least get another work item on the
> list that documents the necessity to preserve the consistency of the
> namespace, adhering to the end to end principle, and educate folk that
> the DNS is not the web.

All important points, and all belong in a discussion of the downsides
of DNS redirect.

> Not that we should sit still and let this one go by. I actually think
> that the effort of writing a new draft might be lesser than the effort
> of trying to change draft-livingood-dns-redirect. I'll wait for
> redirect-01 and decide if it's worth spending time on
> draft-arends-dns-response-modification-considered-harmful-00.

I hope redirect-01 is more strictly descriptive and can drop defensive
terms for DNS redirect, like "enhancement" of the "user experience",
since it's by no means agreed that crippling DNSSEC (for example)
enhances the value of the Internet for anyone.

(My defense of the draft is by no means to be read as endorsing DNS
redirect. I don't, for reasons I believe are so compelling that I'm
willing to try to work with others to articulate them and let people
decide for themselves.)