Re: [DNSOP] I-D Action: draft-ietf-dnsop-session-signal-02.txt

Ted Lemon <mellon@fugue.com> Thu, 10 August 2017 12:43 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10248132192 for <dnsop@ietfa.amsl.com>; Thu, 10 Aug 2017 05:43:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vM8LwX6FQzit for <dnsop@ietfa.amsl.com>; Thu, 10 Aug 2017 05:43:42 -0700 (PDT)
Received: from mail-pg0-x232.google.com (mail-pg0-x232.google.com [IPv6:2607:f8b0:400e:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 184001326A8 for <dnsop@ietf.org>; Thu, 10 Aug 2017 05:43:42 -0700 (PDT)
Received: by mail-pg0-x232.google.com with SMTP id u185so2581194pgb.1 for <dnsop@ietf.org>; Thu, 10 Aug 2017 05:43:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=k6wr3+epEhTIG4EDyqjDYChE6HAgrdTLnB6DACR++ro=; b=Nk/S3wU9JbvhCZE3yymHwHcjq5PhdfoC34n49c/XA9ZKJKUqSI0yC+9GzoZquqHh/n /Rt60JhJDJ8J0faRZ/KGzyvpi7khE3SBDA7d1EjOpXUrHcMgG+IL8ofuqhZ0UuLLnVad uc2hzc5o7cIO/npnb5uZ8d3R3kFmas9JqqezypVxHgPGK7mLuf4yIVIOGnN97lxnJtOr Tqg8BBBzFWbKN8rVk0ISxuJKhKEuRudJrjH8KudjfCYRLb0dKzzk+NWXvlZeErfunoNu efELmIDeKGw5lladwizJhUE6lnH7PXI2HKv44HX9GslFMwXBDDf/rKoAiWkwOcVCT1eF ehMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=k6wr3+epEhTIG4EDyqjDYChE6HAgrdTLnB6DACR++ro=; b=Elg7+0LV8SII+CZ15zyatu61/HagPb8k+xJn7xtw4gdblVVuKHy6bQux+/U6bXS9h0 UtCXYjzLwyhU8JsQSby8b9u3pGHvBqOGWiSn/Uhzdc4i7Yl+YYmSUrsDDmQ59NBDyZsV SA6MSInAkln2my7O7qJj7deRW3L0W+9JyPkDvW7MLdQfVnuJCPbXX2xWY8KvrOM8YddW tB1sJC3mLb3BtlKZh6/RYiSV5rrpVcuyAlf0VuxMBTqzDrcMe1FD4I3RfZvf0p5QX3YN LEIArT/HYvGxrcp5DqKfuxmcXXDNFYCTwYvub9ih5JF5AUCtHIh1EJgvB/JZCF8RHZ01 z/YQ==
X-Gm-Message-State: AHYfb5hRu3wEz8z4SWfbIugHbIuKNg66HRA+JRPF/0GY01GsEOse7Lyb 88UoN9L1ssmP0L6ybwMcM+bGHpnPOMGP
X-Received: by 10.84.167.2 with SMTP id c2mr13336878plb.368.1502369021443; Thu, 10 Aug 2017 05:43:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.180.131 with HTTP; Thu, 10 Aug 2017 05:43:00 -0700 (PDT)
In-Reply-To: <aa568b4f-9af4-ead7-3ddb-a245029af63c@nic.cz>
References: <148944868965.20421.13262969145873649331@ietfa.amsl.com> <235049030.6432.1500569125325.JavaMail.zimbra@nic.cz> <20170720165043.g5e7jprg2hmoanf2@mx4.yitter.info> <697159393.6506.1500569982281.JavaMail.zimbra@nic.cz> <20170720170907.gksdgic47juhbn7e@mx4.yitter.info> <b7ee0e88-62ff-0ada-1570-f77a90de1d84@nic.cz> <CAPt1N1=YKtvrNzy7ZEziqF79Kti1=0BwxFYw90fyk21-NSn_uQ@mail.gmail.com> <aa568b4f-9af4-ead7-3ddb-a245029af63c@nic.cz>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 10 Aug 2017 08:43:00 -0400
Message-ID: <CAPt1N1k4ACH8fJUe-RZhtShboa+ihbnx7_r8s8+TD63bHB+Axw@mail.gmail.com>
To: =?UTF-8?B?UGV0ciDFoHBhxI1law==?= <petr.spacek@nic.cz>
Cc: dnsop WG <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c145baed854a00556658ba9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/xFzrRV1J8AakIRy8twTJomzX400>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-session-signal-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2017 12:43:46 -0000

Petr, forgive me for holding your feet to the fire on this, but you make
several statements along the lines of "for me, ... is stretching the
definition too far," "I disgree that this is less significant," et cetera,
but you don't actually raise any technical objections—you just expressed
uneasy feelings, with which I don't think the working group is competent to
help you.  Your claim that this is a new wire format is incorrect.   What
it would mean for this to be a new wire format is that it is incompatible
with the existing wire format.   Doing something like that is an
interesting job that is potentially worth working on, but would have a very
long deployment window, if it got deployed at all.

What we are proposing here is not a new wire format.  It is compatible
with, and enhances, the existing wire format.

As for whether the working group should in fact undertake some grand design
process for such a format, I don't have a strong opinion, but the first
question I would raise is simply this: do *you* want to undertake such an
effort?   If the answer is yes, can you give me a sense of what your goals
are?  The reason I ask is that IETF working groups are constrained to do
work that participants are willing to do, and thus far we have seen no
evidence that you are interested in working on this document, which has
been a working group document for a year.

As for whether this document is in charter, what we are proposing is
certainly in scope for the working group—it's very clearly an operational
enhancement for DNS in streaming protocols.   It doesn't change the way you
do DNS queries—it just adds some new capabilities for new implementations.
  I think it's very clearly useful—we already have three use cases for it.
  If we were to stop work on this document now, the work that now relies on
it would revert to what had been proposed earlier, which was not as
good—dnssd has been hanging fire waiting for this work to be done because
the working group wanted to cooperate with dnsop in producing something
more generally useful, rather than doing a one-off extension like Apple's
DNS Long-Lived Queries, which was never standardized.

So if there is something missing from the document, or something unclear,
or you wish we'd thought of ???, or think that !!! is not quite right and
have suggestions, I think that would be really helpful.   And of course the
working group chairs are free to agree with your vague feelings of unease
and drop this as a working group document.

But as for any sort of specific request that the authors or the working
group could act on, I am not hearing anything of that sort in what you have
said.   Can you think about this in that context, and see if you can more
clearly articulate what it is that you find lacking in this proposal, so
that the working group can figure out how to fix it?   Can you do it soon?

Thanks!

On Thu, Aug 10, 2017 at 7:28 AM, Petr Špaček <petr.spacek@nic.cz> wrote:

> Hello Ted and dnsop,
>
> and sorry for delayed answer (below). Your message forced me to think
> more about the draft, this time without focus on the wire format.
>
> Spoiler alert: I still do not like the proposal in its current form.
> Please see below.
>
> On 21.7.2017 10:22, Ted Lemon wrote:
> > I am hearing from a number of people that this is "a new protocol" and
> > hence requires careful thought and perhaps a new working group, along
> > with the associated delay.   I do not _entirely_ disagree with this
> > position, although it would be really inconvenient from my perspective.
> >
> > However, I would like to point out that the objection "it is a new
> > protocol" is not a technical objection.  Also, the same objection can
> > actually much more justly be raised against several other proposals that
> > were brought before the working group.   For example, the multiple
> > RRtypes proposal, the multiple responses proposal, and the extended
> > error codes proposal.
> >
> > All of these define new protocol, in ways that are in, like session
> > signaling, backward-compatible with the existing protocol.   The other
> > proposals are actually much more significant changes than session
> > signaling is, in terms of what they actually do, as opposed to what
> > their wire format is.
>
> Okay, I can see what you mean - there surely are various levels of
> complexity and protocol changes proposed in the last years for dnsop.
>
> However I disagree that adding session signalling to DNS is less
> significant change than e.g. multi-query/repose proposals.
>
> As you said, session signalling is a "control plane for DNS", which is a
> very new thing. Keeping (IMHO significant) wire format issues aside,
> adding a control plane to DNS is in my eyes a significant new
> development and should be treated as such.
>
>
> > And as for a new DNS wire format, which I also think would be a good
> > idea, this is pretty clearly /not /what session signaling is.   How
> > would you do a DNS query with session signaling?   In what way would it
> > be an improvement over the existing query format?   It's possible that a
> > new wire format can be built on top of session signaling, but session
> > signaling doesn't build a new wire format, and if we choose to do
> > session signaling, that doesn't preclude doing a different wire format
> > for queries later.
>
> Maybe one of the problems is that the current draft mixes three
> things in a single document:
> - The new wire format,
> - DNS control plane,
> - Session signaling functionality over the control plane.
> This is probably making things way harder to explain to non-authors than
> necessary.
>
> These really are separate things. I can imagine that control plane
> and potentially its wire format can be together in one document (but I'm
> still not convinced that the a wire format is necessary), but session
> signaling functionality itself should be certainly separate from that.
>
>
> Let's keep discussion about the wire format for later, there is even
> more significant issue ahead of us:
>
> > Session signaling is just a control plane for DNS.   It's useful.   I
> > would like to see it done sooner rather than later.   If we are not
> > going to do it sooner rather than later, I would like the reason to be
> > something more than vague unease about walking backwards into a new wire
> > format.
>
> The problem is that current proposal is creating some generic "control
> DNS plane" as by-product of session signaling functionality, as we were
> discussion during dnsop session.
> (References: "Totally flexible format" & "Concerned with embedding DNS
> messages in TLVs" in [2].)
>
> I believe that we really should not invent such generic mechanisms as
> by-products.
>
> If a WG agrees that a generic DNS control plane is needed, then it needs
> to be carefuly designed and described, including problem statement and
> analysis related to current and potential new transports. These are
> compleretely missing now.
>
>
> Moreover, the dnsop is specifically chartered to subset of possible
> changes [1] to the DNS protocol:
>
> 4. Publish documents  to address operational issues with the DNS
>     protocols by  extending or performing protocol maintenance
>     on them.  Act as  focal-point for operator discussion and provide
>     advice to the Ops ADs and other WGs on EDNS0 options,  new
>     RRTYPEs, DNSSEC,  record synthesis, or other mechanics of
>     extending DNS to support other applications.
>
> 5. Serve as a home for drafts that document the problem space
>    around existing or new DNS issues.  The group, with the advice
>    and consent of the responsible AD in coordination with other areas,
>    will then decide whether these  issues belong in DNSOP  under
>    the existing charter and, if not,  will work with the authors and
>    appropriate ADs to determine the proper place for the work to be
>    carried out.
>
> For me, adding control plane is just stretching this definition too far.
> If session signaling is covered by this charter then we must admit
> that dnsop can do anything it wants to the DNS protocol.
>
> [1] http://mailarchive.ietf.org/arch/msg/dnsop/MOFBFQAaZ2iZUDje3zWNBRn9xKQ
>
> [2] https://datatracker.ietf.org/meeting/99/materials/minutes-99-dnsop
>
>
> Again:
> If there is a need for a "DNS control plane" then it should be enginered
> as such and not invented as by-product of something else.
>
> Yes, it is a lot of work. And yes, it should start with problem
> statement for control plane (in general) and continue from there.
>
>
> I hope it explains why I still do not like the current proposal.
> Thank you for your attention.
>
> Petr Špaček  @  CZ.NIC
>
>
> >
> > On Fri, Jul 21, 2017 at 10:02 AM, Petr Špaček <petr.spacek@nic.cz
> > <mailto:petr.spacek@nic.cz>> wrote:
> >
> >     On 20.7.2017 19:09, Andrew Sullivan wrote:
> >     > On Thu, Jul 20, 2017 at 06:59:42PM +0200, Ondřej Surý wrote:
> >     >>> But it's certainly another step along the way to DNSbis by
> accident.
> >     >>
> >     >> Would it be useful to make it not "by accident"?
> >     >
> >     > Yes.  That was basically the point I was trying to make at the
> >     > beginning of today's session, about overall analysis.
> >     >
> >     >  > b) make this draft DNS-SD only, so it can fast forward...
> >     >>
> >     >
> >     > I'm not keen on this.
> >     >
> >     >
> >     >> c) use the changed paradigm to work on DNSbis without the
> accident part?
> >
> >     Yes please!
> >
> >     My main opposition comes from fact that current session signaling
> draft
> >     "accidentaly" defines new protocol which is using the old
> DNS-RFC1035 as
> >     "transport".
> >
> >     I would welcome DNSbis effort with clear cut. Here please note that
> >     clear cut does not mean that RR format and data, for example, has to
> be
> >     incompatible!
> >
> >     It is still possible to share big chunks of specifications (like RR
> >     definitions, namespace, etc.) but define a DNSbis protocol which is
> >     clearly distinguishable from the old DNS.
> >
> >     Petr Špaček  @  CZ.NIC
> >
> >     > I'm starting to wonder whether a bof is needed.  Maybe the IAB's
> >     > workshop will produce some fruit?
>