Re: [DNSOP] The DNSOP document list; request for reviewers

["Hosnieh Rafiee" <ietf@rozanak.com>]

> > Maybe now it is a good timing to raise this question that whether or
> > not DNSOP WG wants to accept to work on this draft or whether wants to
> > leave it to intarea. If it supposed to discuss in DNSOP then it needs
> > to be in the list of working items in the links of documents. Please
share
> your opinions.
> 
> Not in DNSOP. It is not about DNS operations; it is supposedly about
privacy of
> DNS queries. (I say "supposedly" because, even after 11 drafts, it is
still
> completely unclear what needs to exist before this proposal can work.)

The problem is that I have several times explained in the mailinglist the
purpose. Also in last versions, some reviewers also explained how this draft
can be useful to secure the last miles of the internet. When  folks did not
read the draft, they could not know what this draft is used for or what it
supposed to address. So, judging it before reading it doesn't seem to be
correct. If you followed the mailinglist from the earliest version you would
find out that the main focus of this draft was only secure authentication
and automation for this process as much as possible. IN other word,
addressing the last miles of the internet where TSIG or DNSSEC are unable to
easily address. All the requirements explained in the draft and how to
easily handle them incase some of the requirements are not available was
also explained in the draft. Let me give you an example, One example is
about IPv6 and in case the node doesn't support SeND. The privacy section
was added when I was convinced about DNS privacy. But not since I am no
longer convinced because I say that if the other traffic supposed to be not
encrypted then DNS privacy does not help. This is the case that I only
changed it to optional possibility that this draft can support without any
extra efforts and with the same way that it supports secure authentication
and automate this process.
About the versioning of this draft, that is because the reviewers of that
had different taste. Some asked to add comparison of this or that, some
others said to bring this section to top and change the place of this
section to down. So, if you check the Diffs you would see what are the
differences versions that is more on organizations rather than the whole
idea behind it .  

To summarize; the main contribution and focus of this draft from beginning
was/is only secure authentication and automation of this process where TSIG
or DNSSEC might not easily handle. This is during DDNS especially for PTR
record or other scenarios explained in the draft. It is only an assistant
mechanism to remove the gap as much as possible in first point of trust.
The section that most people have problem (or problem statement) is because
it appears to me that there are different opinions on the organization of
the drafts. Some like the old organization of this draft, some say if I add
this it would be clear or if I add that it would be clearer. In any case I
welcome all inputs and tried to apply them. I also sometimes updated the
draft in a short period of time that caused many versions due to the fact I
found some editorial mistake left during review process of the one who were
helping me improve the language.


I'm
> not at all convinced it belongs in INTAREA either.
> 

So now again, the same question. if it doesn't belong to DNSOP while it
appears it can be (as far as I can remember Suzanne (sorry if I spelled it
incorrectly) in my last IETF meeting, during my presentation in intarea,
said that why this draft is in Intarea and this is the work should be done
in DNS area...)) and you say it is not related to neither DNSOP nor Intarea,
then where is its place? Where the drafts should go when DNSEXT is no longer
available and this draft belonged to there?

Thanks,
Best,
Hosnieh