Re: ietf Digest, Vol 116, Issue 6
Embet Tadesse <embetembet@yahoo.com> Thu, 04 January 2018 12:48 UTC
Return-Path: <embetembet@yahoo.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5907B127369 for <ietf@ietfa.amsl.com>; Thu, 4 Jan 2018 04:48:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.019
X-Spam-Level:
X-Spam-Status: No, score=-2.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_MIME_MALF=0.01, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NoSoWxpwmVOJ for <ietf@ietfa.amsl.com>; Thu, 4 Jan 2018 04:48:01 -0800 (PST)
Received: from sonic305-2.consmr.mail.bf2.yahoo.com (sonic305-2.consmr.mail.bf2.yahoo.com [74.6.133.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38BAF12711A for <ietf@ietf.org>; Thu, 4 Jan 2018 04:48:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1515070079; bh=0iGi6JdrrGVqBydd3lAQlIUKrNowMZf6BflDb8Ex+uM=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject; b=ammq894bZj6H0tDjkm6WCfz7JRdK8in704bk38akD2Wn9mOPZ7yuC6g1gHKpmewHi8FqMBfbQFTs7hXrQG+oyZFNYVKOJ/9SuR7tYjcB7z2FQe5plS1yB97CFE65xgPwA51Pwsow024nHZfqCVUCotDvRaMIg00UJETWBkfLqX6VZ6xHcCNQuKjhfq910szFtRzWxmSGu6Ts1I2W5V2ISQmEcKE6BzNrekWhMgtHcMtSJqrookQNhLMqHSX7twbu9Jru8pAN0e+b2cr/qD3Phlo6uxMuOTjMP7xP9Pq6vPBAarpeDdRp4cwrSb9LJwE+uSvEhcarvOwWRojq3PS9xw==
X-YMail-OSG: WxMfoggVM1m.JaKDqRA5ngY8We_M3jfXVh4YYt06QAUipf4F5eU7NMNXMUlOfz4 HuwCdMbt37BZPI2KfuH0Dx82irFu6XYbqM6sfE.H4MMeaQpSUcAxOWhKK_RIdMBNbSz4GKbIHHAQ FMky6cd5NZ_vyFp_0I7YbJC9D3bOGdwPHC94io0OTEDzPxklNDm6q29NwRllbDm2RFgXj9MQcvLg 4hrLRCCHpn5doBK4M4T7raxVGKfZhi5Wr0qx1wqWkzJKxdBKJXBn7YsfIsMUcjHAch0zmGcojrUT iEjc7nwiRvsfwbgXb6fk3wnkvY03twwVwg.TJrUnu82AMxuZwOonJ68LJeF3S9aQiWM9ySdxC21T N31P6ERQ22yPDe0kbEa_z7Pt0e0VSFLa0GwZPSP_Xlg684R77LyzRj7ibrtmlGpBxHQqDr.xK9Y2 BWgjneZB_fTVjo7q5fBD7v01FZpmJ0Q3v_cKB.T5SHAl2GA2S8zSjlJbPXX2Pfgrom1il7iPGmXt e2UeqJfWA4zMtCqqc5oDqpC5KWxv8VT8m
Received: from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.bf2.yahoo.com with HTTP; Thu, 4 Jan 2018 12:47:59 +0000
Date: Thu, 04 Jan 2018 12:47:58 +0000
From: Embet Tadesse <embetembet@yahoo.com>
Reply-To: Embet Tadesse <embetembet@yahoo.com>
To: "ietf@ietf.org" <ietf@ietf.org>
Message-ID: <853190732.267907.1515070078152@mail.yahoo.com>
In-Reply-To: <mailman.1416.1515069710.4011.ietf@ietf.org>
References: <mailman.1416.1515069710.4011.ietf@ietf.org>
Subject: Re: ietf Digest, Vol 116, Issue 6
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_267906_1089717641.1515070078119"
X-Mailer: WebService/1.1.11150 YahooMailNeo Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2680.0 Safari/537.36
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/co1xMwAsZDFOlUeuv7cEvZkqg5E>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jan 2018 12:48:05 -0000
thanks for the information
On Thursday, January 4, 2018 4:42 AM, "ietf-request@ietf.org" <ietf-request@ietf.org> wrote:
Send ietf mailing list submissions to
ietf@ietf.org
To subscribe or unsubscribe via the World Wide Web, visit
https://www.ietf.org/mailman/listinfo/ietf
or, via email, send a message with subject or body 'help' to
ietf-request@ietf.org
You can reach the person managing the list at
ietf-owner@ietf.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ietf digest..."
Today's Topics:
1. Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root? (S Moonesamy)
2. Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root? (Nick Hilliard)
3. Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root? (Mark Andrews)
4. Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root? (Amreesh Phokeer)
5. Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root? (S Moonesamy)
6. Re: Last Call: <draft-ietf-netmod-entity-07.txt> (A YANG Data
Model for Hardware Management) to Proposed Standard (tom p.)
----------------------------------------------------------------------
Message: 1
Date: Wed, 03 Jan 2018 15:13:50 -0800
From: S Moonesamy <sm+ietf@elandsys.com>
To: Dave Burstein <daveb@dslprime.com>, ietf@ietf.org
Subject: Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root?
Message-ID: <6.2.5.6.2.20180103145346.11b53e40@elandnews.com>
Content-Type: text/plain; charset="us-ascii"; format=flowed
Hi Dave,
At 09:08 AM 02-01-2018, Dave Burstein wrote:
>today. The principles are simple; the implementation is demanding.
>So I'm asking engineers, "What technical systems must must be built
>to ensure robust interconnection, assuming everyone wants to work in
>good faith?"
The proceedings of SIGCOMM 1988, 106-114, discuss about survivability
in the face of failure. That might be similar to the "robust
interconnection" which is mentioned above. Part of the message [1] is
about DNS. There is a 2006 document about that (SSAC 009).
Regards,
S. Moonesamy
1. https://www.ietf.org/mail-archive/web/ietf/current/msg105855.html
------------------------------
Message: 2
Date: Wed, 03 Jan 2018 23:54:42 +0000
From: Nick Hilliard <nick@foobar.org>
To: S Moonesamy <sm+ietf@elandsys.com>
Cc: Dave Burstein <daveb@dslprime.com>, ietf@ietf.org
Subject: Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root?
Message-ID: <5A4D6D42.9050800@foobar.org>
Content-Type: text/plain; charset=UTF-8
S Moonesamy wrote:
> Hi Dave,
> At 09:08 AM 02-01-2018, Dave Burstein wrote:
>> today. The principles are simple; the implementation is demanding. So
>> I'm asking engineers, "What technical systems must must be built to
>> ensure robust interconnection, assuming everyone wants to work in good
>> faith?"
>
> The proceedings of SIGCOMM 1988, 106-114, discuss about survivability in
> the face of failure. That might be similar to the "robust
> interconnection" which is mentioned above. Part of the message [1] is
> about DNS. There is a 2006 document about that (SSAC 009).
it would be important to be careful about language. "Interconnection"
refers to IP layer connectivity, but this is a discussion about
alternative DNS roots.
The technical work on this was done in two tranches: the first works in
the 1990s were a result of the AlterNIC saga, when BIND 4.9 was hardened
against dns pollution from alternative servers. Until then, DNS
poisoning from misconfigured and malconfigured DNS server had been an
ongoing problem, but this formed a new baseline standard for handling
cache pollution.
The second major improvement was dnssec, which requires a single root
per resolver. If Russia or anyone else sets up an alternative root, then
dnssec-enabled resolution will fail for dnssec domains on other roots.
Incidentally, alternative DNS roots are nothing new. ICANN even has an
info page on them:
https://icannwiki.org/Alternative_Roots
Nick
------------------------------
Message: 3
Date: Thu, 4 Jan 2018 13:48:34 +1100
From: Mark Andrews <marka@isc.org>
To: Nick Hilliard <nick@foobar.org>
Cc: S Moonesamy <sm+ietf@elandsys.com>, Dave Burstein
<daveb@dslprime.com>, ietf@ietf.org
Subject: Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root?
Message-ID: <C1C08207-6F30-4E17-A580-E6ABFE3E61A5@isc.org>
Content-Type: text/plain; charset=utf-8
> On 4 Jan 2018, at 10:54 am, Nick Hilliard <nick@foobar.org> wrote:
>
> S Moonesamy wrote:
>> Hi Dave,
>> At 09:08 AM 02-01-2018, Dave Burstein wrote:
>>> today. The principles are simple; the implementation is demanding. So
>>> I'm asking engineers, "What technical systems must must be built to
>>> ensure robust interconnection, assuming everyone wants to work in good
>>> faith?"
>>
>> The proceedings of SIGCOMM 1988, 106-114, discuss about survivability in
>> the face of failure. That might be similar to the "robust
>> interconnection" which is mentioned above. Part of the message [1] is
>> about DNS. There is a 2006 document about that (SSAC 009).
>
> it would be important to be careful about language. "Interconnection"
> refers to IP layer connectivity, but this is a discussion about
> alternative DNS roots.
>
> The technical work on this was done in two tranches: the first works in
> the 1990s were a result of the AlterNIC saga, when BIND 4.9 was hardened
> against dns pollution from alternative servers. Until then, DNS
> poisoning from misconfigured and malconfigured DNS server had been an
> ongoing problem, but this formed a new baseline standard for handling
> cache pollution.
>
> The second major improvement was dnssec, which requires a single root
> per resolver. If Russia or anyone else sets up an alternative root, then
> dnssec-enabled resolution will fail for dnssec domains on other roots.
It requires that trust anchors be install for each of the namespaces so
that DNSSEC will work. Its a bit brittle but not impossible. If ICANN
was to remove .ru from the root you could restore validation by configuring
the validators to know about .ru DNSSEC key.
e.g. (for BIND/named)
managed-keys {
. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
ru. initial 257 3 8 "AwEAAcqaT0pNXB/C84rvc/ola8FMLUBF4roNNt4062EjXlUcKIHCCy/Xw4gkQzYG4pfr4MVsjUwp2D1SFFGGwx3Gp2/gZ1za7mGDoNHUeIZqGRxJmHlWatwaFcFh2yteyHRHh5L0WaJkMhoWrojXBf5S/Cl4BFr/5VuSFMuFV7JrEFkv9ybsiGEvsLT6c/bEhduqHSYj5wAvwHep7If92UO8accRP5AxAphkb6dlRc6kv+yJ+GABaNvxHMYJLwYai2/yvhpvvluT9BB/BtIct85Xh1BTcDpGnv1fhJo/dJPTcynjXY0i5GPVvQaOZbuyHdZEaCUJfSWAmERjYvpPlcamiTE=?;
};
zone ?ru? {
type stub;
masters { 194.190.124.17; 193.232.156.17; 193.232.128.6; 193.232.142.17; 194.85.252.62; };
file ?ru.stub?;
};
Similar is possible for all other nameservers.
> Incidentally, alternative DNS roots are nothing new. ICANN even has an
> info page on them:
>
> https://icannwiki.org/Alternative_Roots
>
> Nick
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
------------------------------
Message: 4
Date: Thu, 4 Jan 2018 10:04:30 +0400
From: Amreesh Phokeer <amreesh.phokeer@gmail.com>
To: Dave Burstein <daveb@dslprime.com>
Cc: ietf@ietf.org
Subject: Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root?
Message-ID:
<CACRw5znS6vbNzSLq9N8qFh9kqk8thuesexz4oR5RmbmaeJep=g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi Dave,
On Tue, Jan 2, 2018 at 9:08 PM, Dave Burstein <daveb@dslprime.com> wrote:
>
> I'm on the U.S. State Department ITAC and know the U.S. position is that
> DNS must be controlled by ICANN (which does a decent job.)
> Columbia Professor Eli Noam convinced me a "network of networks" was
> possible <http://bit.ly/ManyNets>
> ?. With "robust interconnection" Noam and ICANN CEO Fadi Chehadi confirmed
> to me there was no technical reason the Chinese, Hebrews, Verizon or any
> other competent party couldn't set up independently. With "robust
> inteerconnection" the primary benefits of "The Internet" could be
> maintained. Fadi added the rub was how to ensure that robust
> interconnection.
>
Indeed. A truly decentralized internet is what we should aim for. But think
of DNSSEC, things are very much centralized at the moment.
There have been some attempts:
https://en.wikipedia.org/wiki/OpenNIC
http://www.open-root.eu/?lang=en
And also some blockchain-based alternatives:
https://en.wikipedia.org/wiki/Namecoin
https://blockstack.org/
Regards,
--
Amreesh Phokeer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailarchive.ietf.org/arch/browse/ietf/attachments/20180104/8b1db6cf/attachment.html>
------------------------------
Message: 5
Date: Wed, 03 Jan 2018 23:18:50 -0800
From: S Moonesamy <sm+ietf@elandsys.com>
To: Nick Hilliard <nick@foobar.org>, ietf@ietf.org
Cc: Dave Burstein <daveb@dslprime.com>
Subject: Re: Reporter re: Technical solution for robust
interconnection if Russia & BRICs set own root?
Message-ID: <6.2.5.6.2.20180103223446.112110f8@elandnews.com>
Content-Type: text/plain; charset="us-ascii"; format=flowed
Hi Nick,
At 03:54 PM 03-01-2018, Nick Hilliard wrote:
>it would be important to be careful about language. "Interconnection"
>refers to IP layer connectivity, but this is a discussion about
>alternative DNS roots.
Yes. There isn't much to add to an "alternative DNS roots"
discussion as there has been numerous discussions about that topic.
Regards,
S. Moonesamy
------------------------------
Message: 6
Date: Thu, 4 Jan 2018 12:37:02 -0000
From: "tom p." <daedulus@btconnect.com>
To: <ietf@ietf.org>
Cc: <netmod-chairs@ietf.org>, <bclaise@cisco.com>, <netmod@ietf.org>,
<draft-ietf-netmod-entity@ietf.org>
Subject: Re: Last Call: <draft-ietf-netmod-entity-07.txt> (A YANG Data
Model for Hardware Management) to Proposed Standard
Message-ID: <04bb01d38558$bf88b4a0$4001a8c0@gateway.2wire.net>
Content-Type: text/plain; charset="utf-8"
This I-D illlustrates a problem that the netmod WG has been wrestling
with for a decade or more and (IMHO) has yet fully to solve. This I-D
is in Last Call at the same time as netmod-revised-datastores, which
proposes the most recent solution.
The problem is that an 'object' can take more than one value and the
question is how to represent that. Previously it was by having twin
trees in the schema; now it is by having one common schema and multiple
datastores, <running> for the user-supplied values, <operational> for
those actually in use, the latter including values learnt from the
hardware or protocols or some other means.
In this model the situation arises with 'serial-num' which may take a
value from the hardware or may be written as part of configuration (the
idea of configuring serial numbers may seem unusual but has been
inherited from the Entity MIB [RFC6933] with the endorsement of the
netmod WG).
So if there is an accessible hardware value and the user writes a value,
who wins? There is no way of specifying this, neither in YANG nor in
'revised-datastores'; in this case, the 'description' specifies that the
value determined from the component should be used so a user can
configure a value, see it in the <running> datastore but not in the
<operational> datastore and cannot tell why, unless they are familiar
with the minutiae of description clauses.
In this case, the model is clear as to which value, configured or
learnt, wins; here, it is learnt. In other cases, it may be that
configured wins or that may be something a user wants to influence as
part of policy.
Is that still one schema or is it now two slightly different schemas
based on the description clause coupled with the datastore that the
schema is being applied to?
Is the description clause an adequate way of expressing policy?
In passing, routing protocols addressed this dilemma a long time ago,
with concepts such as 'Admin Distance'.
(Whether or not this particular value should be configurable is a
different and irrelevant discussion; the MIB WG decided it should be,
the YANG WG likewise - and there are plenty of other objects which
illustrate this dilemma, how to specify who wins).
Tom Petch
----- Original Message -----
From: "The IESG" <iesg-secretary@ietf.org>
Sent: Thursday, December 21, 2017 10:22 PM
> The IESG has received a request from the Network Modeling WG (netmod)
to
> consider the following document: - 'A YANG Data Model for Hardware
Management'
> <draft-ietf-netmod-entity-07.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
final
> comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2018-01-10. Exceptionally, comments may
be
> sent to iesg@ietf.org instead. In either case, please retain the
beginning of
> the Subject line to allow automated sorting.
>
> Abstract
>
> This document defines a YANG data model for the management of
> hardware on a single server.
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-netmod-entity/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-netmod-entity/ballot/
>
> No IPR declarations have been submitted directly on this I-D.
------------------------------
Subject: Digest Footer
_______________________________________________
ietf mailing list
ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
------------------------------
End of ietf Digest, Vol 116, Issue 6
************************************
- Re: ietf Digest, Vol 116, Issue 6 Embet Tadesse