[DNSOP] draft-yao-dnsop-idntld-implementation-01.txt

Andrew Sullivan <ajs@shinkuro.com> Thu, 05 November 2009 20:59 UTC

Date: Thu, 05 Nov 2009 15:59:21 -0500
From: Andrew Sullivan <ajs@shinkuro.com>
To: dnsop@ietf.org
Message-ID: <20091105205921.GL17456@shinkuro.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: [DNSOP] draft-yao-dnsop-idntld-implementation-01.txt

Dear colleagues,

I have read the document
draft-yao-dnsop-idntld-implementation-01.txt.  I note that there is an
agenda item on the DNSOP WG agenda to consider this draft.

I am strongly opposed to the draft, and wish to express my opposition
to it being adopted by the WG.  In my opinion, the draft places
altogether too much confidence in the notion that data consistency can
in any way be enforced across two completely different delegations.

If we are to take at all the idea of variants seriously, then what we
must suppose is that any name must be _functionally the same_ as all
the other variants of that name.  The only mechanism we have in the
DNS that approaches that functionality is DNAME.  DNAME is far from
ideal: it does not actually mirror the root of the tree, and there are
other nasty issues (MX is an obvious one).  The authors are correct
that a DNAME deployment could indeed lead DNS operators lower in the
tree to do broken things.  But neither of those issues holds a candle
to the mistaken notion that two actually different delegations may be
relied upon to be the same.

If we encourage NS delegation from the root into different zones that
are supposed to be the same, then in the absence of complicated,
as-yet-unwritten tools to enforce the lock step consistency of those
different delegations (and to check them all the time), the chances of
the different zones actually being the same all the time approaches
zero.  Since the principle of a variant is that it just be another
spelling for the name (as though we granted colour.com automatically
to the registrant color.com), any difference in the answer you get
from the servers for one and the servers for another is by definition
a problem.

I appreciate the problems the authors are trying to solve, and I
understand why they are taking this path; but it is still the wrong
path, and I believe it to be a greater threat to the stability of the
DNS than the introduction of DNAMEs near the top.

Best regards,

Andrew

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
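An added illustration, not part of the message above or of the draft, of the two mechanisms the message contrasts: DNAME substitution, which rewrites names below the DNAME owner but never the owner itself, and the kind of consistency check over two independently delegated zones that the message says does not yet exist. The "color." / "colour." zones and their addresses are constructed sample data.

```python
# Added example (not from the message/draft): DNAME rewrite vs. a drift check on two variant zones.
MARK = "VARIANT."  # common stand-in for whichever variant suffix a zone uses

def _labels(name):
    return name.lower().rstrip(".").split(".")

def dname_substitute(qname, owner, target):
    """DNAME rewriting: if qname is strictly below `owner`, replace that suffix
    with `target`; otherwise None. The owner itself is never rewritten, which
    is why a DNAME at the top does not mirror the apex data."""
    q, o, t = _labels(qname), _labels(owner), _labels(target)
    if len(q) <= len(o) or q[-len(o):] != o:
        return None
    return ".".join(q[:-len(o)] + t) + "."

def _norm_name(name, suffix):
    """Map a name at or under `suffix` (e.g. 'www.colour.') onto MARK."""
    n = name.lower()
    if n == suffix or n.endswith("." + suffix):
        return n[:-len(suffix)] + MARK
    return n

def _norm_rdata(rdata, suffix):
    # Presentation-format rdata: tokens ending in '.' are domain names.
    return " ".join(_norm_name(t, suffix) if t.endswith(".") else t
                    for t in rdata.split())

def zone_diff(zone_a, suffix_a, zone_b, suffix_b):
    """Return (owner, rrtype) pairs whose RRsets differ between two zones that
    are meant to be alternative spellings of the same data. Zones are
    {owner: {rrtype: set(rdata)}}; any non-empty result is a problem."""
    def normalise(zone, suffix):
        return {_norm_name(o, suffix): {t: {_norm_rdata(r, suffix) for r in rs}
                                        for t, rs in rrsets.items()}
                for o, rrsets in zone.items()}
    a, b = normalise(zone_a, suffix_a), normalise(zone_b, suffix_b)
    diffs = []
    for owner in sorted(set(a) | set(b)):
        ra, rb = a.get(owner, {}), b.get(owner, {})
        for rrtype in sorted(set(ra) | set(rb)):
            if ra.get(rrtype, set()) != rb.get(rrtype, set()):
                diffs.append((owner, rrtype))
    return diffs

# Constructed sample zones (documentation addresses); the second has drifted.
ZONE_COLOR = {"color.": {"NS": {"ns1.color.", "ns2.color."}},
              "ns1.color.": {"A": {"192.0.2.1"}}, "www.color.": {"A": {"192.0.2.10"}},
              "shop.color.": {"MX": {"10 mail.shop.color."}}}
ZONE_COLOUR = {"colour.": {"NS": {"ns1.colour.", "ns2.colour."}},
               "ns1.colour.": {"A": {"192.0.2.1"}}, "www.colour.": {"A": {"192.0.2.11"}}}
```

Running zone_diff over the two sample zones reports the MX missing from the variant and the A record that was changed in only one of them; a DNAME from "colour." to "color." would have made both questions moot for everything below the apex.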