IETF Logo Mail Archive

Re: To "lose the argument in the WG"

Mark Andrews <marka@isc.org> Tue, 14 February 2017 06:02 UTC

Return-Path: <marka@isc.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EDAC1294EF for <ietf@ietfa.amsl.com>; Mon, 13 Feb 2017 22:02:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JWFi2H6Rw1Gd for <ietf@ietfa.amsl.com>; Mon, 13 Feb 2017 22:02:04 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 830DA12940B for <ietf@ietf.org>; Mon, 13 Feb 2017 22:02:04 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id DAF9E349476; Tue, 14 Feb 2017 06:02:01 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id C48E6160053; Tue, 14 Feb 2017 06:02:01 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id AFE54160050; Tue, 14 Feb 2017 06:02:01 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Ma5Lz9EJydym; Tue, 14 Feb 2017 06:02:01 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 0FCC016004C; Tue, 14 Feb 2017 06:02:01 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 73B32639AEDF; Tue, 14 Feb 2017 17:01:56 +1100 (EST)
To: dcrocker@bbiw.net
From: Mark Andrews <marka@isc.org>
References: <66A86016-0382-4B2C-B9E8-30638237CB68@qti.qualcomm.com> <00e13499-7cea-a79a-7de1-dd9bad4bc530@dcrocker.net>
Subject: Re: To "lose the argument in the WG"
In-reply-to: Your message of "Mon, 13 Feb 2017 21:07:17 -0800." <00e13499-7cea-a79a-7de1-dd9bad4bc530@dcrocker.net>
Date: Tue, 14 Feb 2017 17:01:56 +1100
Message-Id: <20170214060156.73B32639AEDF@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/6M3cQvTSP2HKcvk95TDklc5j3Is>
Cc: Pete Resnick <presnick@qti.qualcomm.com>, IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 06:02:05 -0000

In message <00e13499-7cea-a79a-7de1-dd9bad4bc530@dcrocker.net>, Dave Crocker wr
ites:
> On 2/13/2017 8:50 PM, Pete Resnick wrote:
> > The WG participant who felt that the functionality should be in-scope
> > and is perfectly within bounds to make the case that the functionality
> > is somehow necessary during Last Call. The chair and/or AD should
> > summarize why they judged the functionality to be out of scope. Others
> > in the community might want to take up the argument and explain why it
> > should be added.
> 
> 
> This sounds like reasonable theory, but is actually rather destructive 
> practice.
> 
> It takes the position that Last Call is acceptable to use as a form of 
> appeals process, where folk who have been working on the topic for an 
> extended time have to defend their choices to a collection of other folk 
> who are new to the topic and are, therefore, making snap judgements.
> 
> While, yes, there will be times that the new folk see something new or 
> better, that's not the usual occurrence.  The usual occurrence is that 
> folk who are experienced with the topic and are tired from the extended 
> effort have to rehash their work and defend it to folk who have not done 
> their homework.

And workgroups get it wrong.

I gave up trying to convince behave that the DNS64 DNSSEC processing
was insane.  Validating clients send both <DO=1,CD=1> and <DO=1,CD=0>
queries.  You can't expect synthesised AAAA response to be accepted
with either set of flags.  They wanted a flag that said that the
client is validating and that DOES NOT EXIST in DNSSEC.  DO=1 say
a client MAY be validating.  DO=0 indicates that it is NOT validating.
CD is independent of whether the client is validating or not.  Lots
of wishful thinking when that section was written.

I also gave up trying to get 5.9. "Always Set the CD Bit on Queries"
removed from the draft for RFC 6840.  Named totally ignores that
section because it just plain bad advice.  Recursive servers need
to honour CD as originally specified or there are failure modes
that are not recoverable when some of the authorative servers are
broken or the recursive server is under attack unless CD is
controllable.

You need to be able to control validation in the entire chain of
recursive servers for DNSSEC to work.  There are a number of different
failure senarios in DNSSEC.  Some require CD=1 to recover from (if
you initially set CD=0), some require CD=0 to recover from (if you
initially sent CD=1).  In both cases CD needs to passed down the
entire chain for the recovery to work.

Should I have raise these again at IETF last call?

Mark

> Either working groups are where the work really does get done or they 
> aren't.  The burden of having to worry about and deal with a larger, 
> less-involved community being frankly encouraged to second-guess the 
> folk who have actual skin in the game, is an example of what makes the 
> formality of IETF process onerous.
> 
> Last Call should not require a working group to be subject to random 
> demands to defend itself.  It should be for independent reviews that see 
> something the working group missed.  Missed is different from "we had a 
> choice and we made it".
> 
> If a fresh reviewer really does do their homework and really does 
> present a good case for making a different decision, that's fine.  But 
> it also is quite different than supporting the re-hashing exercise that 
> occurrs when an existing wg participant expresses dissatisfaction with a 
> decision made during normal wg processes.
> 
> d/
> 
> ps. Pete's other point was about a claim that an issue didn't really get 
> settled and needs further review.  That's quite a different case.  Maybe 
> it's worthy for LC discussion.  Maybe it isn't.  Dunno.
> 
> pps. There's at least one case where I chose to attempt to use LC as a 
> kind of appeals process, since I deemed the wg process to have been 
> significantly flawed, including the cognizant AD.  Like all good rules, 
> there need to be some exceptions thoughtfully permitted, though of 
> course my effort in this example of an exception bore no fruit...
> 
> -- 
> 
>    Dave Crocker
>    Brandenburg InternetWorking
>    bbiw.net
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email