IETF Logo Mail Archive

Re: [DNSOP] Current DNS standards, drafts & charter

Suzanne Woolf <suzworldwide@gmail.com> Mon, 26 March 2018 23:26 UTC

Return-Path: <suzworldwide@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91795127876 for <dnsop@ietfa.amsl.com>; Mon, 26 Mar 2018 16:26:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RIt9gzAJ6A87 for <dnsop@ietfa.amsl.com>; Mon, 26 Mar 2018 16:26:23 -0700 (PDT)
Received: from mail-qt0-x22d.google.com (mail-qt0-x22d.google.com [IPv6:2607:f8b0:400d:c0d::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E7B8126C25 for <dnsop@ietf.org>; Mon, 26 Mar 2018 16:26:23 -0700 (PDT)
Received: by mail-qt0-x22d.google.com with SMTP id j26so21423659qtl.11 for <dnsop@ietf.org>; Mon, 26 Mar 2018 16:26:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ck1Gm0rmPgnOUxjBPspoM2Wfi6B4Rj2xbYEPK0JUkiQ=; b=qWtQWsvOZwrBjbZ6BIhoINAsKWZbrd8OWFzENbOokNc8mk+EN+Lp9NfuWHjWlkuSvZ DN5DT3EdVjUxDJa/GGZMSqWt4d8BE+BANBmbggX5RIYBHppYDThl8JDeIqGMcKoyM9kf czo89mbASRzl55Zsl1wkwoWeqibp6POU/2IPRfS1tQu+tOVuWwJjDrGByp++OQqbrHDo ZMK8Wzw7SsknM6jiK3bkzf6LE3X95zZ/alJoHvUeUzAmeuYAJ9mpQ+qYzylMWQCGqGap nm0YX78jCFB8fApjRO24TVZtnrJiZ7MwllQD5Q9tvYJajKJYgxnmLkXS3dl4LLMcOU+u v0GA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ck1Gm0rmPgnOUxjBPspoM2Wfi6B4Rj2xbYEPK0JUkiQ=; b=tqALfsd34LQoe1bYa5LMnbd/DUdkDn3NKYZL5LPt/m30gs+BLzkFaNdvg2TvBQMujg Pe4tUPMRsUkw/fhBCz/gr7+3nQnlUJdGbwZ7gQ8jKUBhu/h33BbTbZ6YKma88YjAf+ZY k126K3GsikV7FdRimd9YBNT4G3MiuSvf6Wa8nx+pdDrgCdA6QhM8D8E1cMp09EcOKGlt OljyLgntdA9YHm8F6uk6rZxBe18yBcTOY9mYmsE9TAy1B/uo23FN5km8FcgyhAPE8BP8 +5O6DlVOkXffUr5TLwuJ7fURRGmJc03u01JIzOo3VwPnVc6uq2ap9J+k5A6eR+0KG2Oq uI9Q==
X-Gm-Message-State: AElRT7EdqavsCNNyrJXpRybWzLHfbbRjbcCQBET+HG/SoehWq3/59bN3 QNSTUrWPNue+qJzn7B9LWzlP3qzw
X-Google-Smtp-Source: AG47ELsvZWJJVAKukYmx/TtP1PCcmPOyNL8OTr1+QTaxv3I+SXunEjb1xoN+/V1dVCEu4aeAlYHF+Q==
X-Received: by 10.237.44.199 with SMTP id g65mr56811203qtd.124.1522106782551; Mon, 26 Mar 2018 16:26:22 -0700 (PDT)
Received: from ?IPv6:2601:181:c300:3d20:49e7:271:6b4:90b? ([2601:181:c300:3d20:49e7:271:6b4:90b]) by smtp.gmail.com with ESMTPSA id b125sm1575267qkd.62.2018.03.26.16.26.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Mar 2018 16:26:21 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Suzanne Woolf <suzworldwide@gmail.com>
In-Reply-To: <20180326154645.GB24771@server.ds9a.nl>
Date: Mon, 26 Mar 2018 19:26:20 -0400
Cc: dnsop@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA3D81B6-164F-4607-A7E6-B999B90C4DA8@gmail.com>
References: <20180326154645.GB24771@server.ds9a.nl>
To: bert hubert <bert.hubert@powerdns.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/w1y_IyRK9LYpI4nQ2v-VFuxDpZ8>
Subject: Re: [DNSOP] Current DNS standards, drafts & charter
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Mar 2018 23:26:25 -0000

Hi all,

First, thanks for running with this.

Top-posting a couple of process observations:

First, the chairs are always open to discussion of what documents belong in the WG, interpretation/revision of our charter, etc. There’s a certain amount of process to be observed, especially if we want to revise our charter, but nothing unmanageable; it’s the chairs’ job to make process work for the WG rather than the other way around.

The current DNSOP charter was deliberately written to be flexible in what we could work on. Normally an IETF WG is chartered to perform a fairly tightly constrained piece of work and then either re-charter to an equally specific next work item, or shut down. But part of the purpose of keeping DNSOP around in a slightly more open-ended fashion was that the community seemed to believe that major protocol work on DNS was done, but there would still be pressure to provide for small tweaks on the wire and review Informational documents on operational practice such as DNSSEC maintenance.

Since then, a couple of pieces of work with significant protocol implications have gotten some initial review in DNSOP, and then moved to new WGs such as DPRIVE. Most of the documents DNSOP publishes are standards track only for procedural reasons— implementing them is strictly optional for interoperability on the public internet— or are informational.

If the WG feels that the previous view of how DNSOP should work has been overtaken by events, we can certainly work with our Area Director (hi Warren!) on a revised charter.

Given the deliberately loose boundaries on the current charter, we can adjust what we’re doing instead of (or during) the formal process of revising it. The charter we have doesn’t obligate us to adopt any particular work item, or to pursue one that’s been adopted but that the WG finds it doesn’t want to pursue after all. 

In my own strictly subjective impression, some of what we’re publishing is first written as an internet-draft….but some is implemented first in the field and then brought back to the IETF to be documented in an informational RFC so other implementers can write compatible behavior into their software, or so operators who want to use a particular feature can figure out how (*lots* of DNSSEC docs), or operators who don’t want to use a particular feature can (relatively) easily find ways around it. 

The pressure to standardize extensions to the DNS actually seems lower in the last few years, because both the RRtype registry and the EDNS opt registry policies are expert review rather than standards action. However, the tendency to desire DNS-over-new-transport is recent. So is DPRIVE. So are the assorted optimizations used by CDN operators such as serve-stale and client-subnet.

It’s also worth noting that many WG participants (operators and implementers alike) have argued over the years that having the IETF refuse to publish an RFC does nothing to discourage people from inventing and fielding new features, it just makes it harder to find out what they’re doing— whether you want to interoperate with them or simply avoid them. So for novel uses of RRtypes or EDNS options, we’ve tended to encourage people who already had acquired code points in the registry to document what they’re doing with them (see RFC 7871 on client-subnet, which had a code point and was in widespread use and *then* was brought to DNSOP).

Serious question: should we be encouraging people to document these optional extensions in RFCs?

A couple more points inline:


> On Mar 26, 2018, at 11:46 AM, bert hubert <bert.hubert@powerdns.com> wrote:
> 
> I am optimistic that if we had a better 'hello, and welcome to DNS' document
> we could point to, implementations would get better.  Or if they didn't, we
> could at least point at that document and blame them for not reading it. 
> This may prevent implementations that get confused if they get anything
> other than an A query.
> 
> So my first suggested action is: could we write a document that has a core
> introduction of DNS and then provides a recommended (not) reading list.

As discussed at the mic last Tuesday, I believe this is where DNSEXT got hung up, too: it’s likely to be hard work (given the effort that’s gone into just the terminology documents) and may not be considered the best use of people’s time by their assorted funding sources.

Earnest question, for discussion: should this document be an RFC, produced in the IETF? (I can see arguments both ways).

While we ponder this, there’s nothing to prevent anyone from posting a rudimentary internet-draft for consideration. 

> 
> Secondly, what we've been doing already, is grouping the various standards
> in categories.  Read this if you are doing X.  This could go in the first
> document.
> 
> Thirdly, this may lead to a category of RFCs that you might be better off
> not reading or implementing. I don't know if writing a draft that
> specifically obsoletes record types or features that are never used is
> helpful. In fact, adding MORE documents to the pile (even if meant to make
> life easier) may be counterproductive. But simply noting that something
> should not be implemented anymore would do rhe trick.

There are process rules around obsoleting or updating an RFC with a new one. They’re not onerous. But for the older RFCs, this could be more complicated than it sounds; a patch is going to be much harder to write than new text in several cases. (I saw a plan once to update RFC 2181 that involved six new documents; each would update or obsolete one section.)

> 
> Fourthly, on the currently active drafts aiming to become Internet Standards
> (with page numbers):
> 
> DNS Multiple QTYPEs 6
> Secret Key Transaction Authentication for DNS (TSIG)	21
> Address-specific DNS Name Redirection (ANAME)	11
> C-DNS: A DNS Packet Capture Format	58
> Extended DNS Errors	8
> A Root Key Trust Anchor Sentinel for DNSSEC	14
> Let 'localhost' be localhost.	9
> Providing Minimal-Sized Responses to DNS Queries that have QTYPE=ANY	10
> Security Considerations for RFC5011 Publishers	18
> Serving Stale Data to Improve DNS Resiliency	9
> DNS Stateful Operations	49
> BULK DNS Resource Records	14
> A DNS Query including A Main Question with Accompanying Questions	10
> Returning extra answers in DNS responses.	8
> 
> These represent 245 pages of new reading material, or an increase of over
> 10% on the already impressive list of DNS standards.
> 
> I did a cursory read of the DNSOP charter, and I think at least some of
> these drafts do no not fall under even a very broad interpretation of our
> remit.

Not all of these are WG documents (“candidate” just means someone has asked; bulk-rr for instance), and see above on the charter. 

The chairs don’t adopt documents we believe are off-charter, and would hope for pushback from the WG or our AD if we did. 

But in the context of the “Camel Problem,” arguing about the charter seems less useful than asking ourselves if we’re having second thoughts about the usefulness of documents the WG has adopted, or been asked to adopt. 

(This is long enough already, so further thoughts as the thread evolves. I do think it’s important to pursue the discussion.)


Best,
Suzanne

v2.23.0 | Report a Bug | By Email