last call discussion status on draft-iab-2870bis

Jari Arkko <> Thu, 05 March 2015 03:43 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 7207C1A8ADA for <>; Wed, 4 Mar 2015 19:43:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id av1hUorR5uTO for <>; Wed, 4 Mar 2015 19:43:49 -0800 (PST)
Received: from ( [IPv6:2a00:1d50:2::130]) by (Postfix) with ESMTP id 69F3C1A8ACD for <>; Wed, 4 Mar 2015 19:43:48 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id BBE232CC5D; Thu, 5 Mar 2015 05:43:47 +0200 (EET) (envelope-from
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bXTiYe5BVVfc; Thu, 5 Mar 2015 05:43:47 +0200 (EET)
Received: from [] ( [IPv6:2a00:1d50:2::130]) by (Postfix) with ESMTP id 1FF4D2CC4D; Thu, 5 Mar 2015 05:43:47 +0200 (EET) (envelope-from
Content-Type: multipart/signed; boundary="Apple-Mail=_660754D8-8252-4FE1-849A-04642D6CBCB3"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Subject: last call discussion status on draft-iab-2870bis
From: Jari Arkko <>
In-Reply-To: <>
Date: Thu, 5 Mar 2015 05:43:49 +0200
Message-Id: <>
References: <> <>
To: Marc Blanchet <>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <>
Cc: IAB <>,
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Mar 2015 03:43:50 -0000

I wanted to come back to the status of the discussions.

We have an ongoing discussion of the changes Marc made on the -02. My read of the feedback is that the update has done the right things, but:

1) Paul Hoffman’s clarifications & editorial changes seem useful, but I would like to hear what others think. Marc, you should respond to those as well.

2) Mark Andrews’ suggestion of further requirements regarding reserved bits was discussed, but should proceed separately.

3) Mark Andrews' suggestion of further requirements regarding EDNS0 has not been discussed, but I would note that at this stage we should not add major requirements without substantial community portion indicating that this is needed. I’m not hearing it.

4) I’ve also received feedback from IESG members that the text about moving 2870 to Historic in Section 1.1 could be problematic. While I’m not sure that is necessarily the case, I think this draft merely replaces 2870, so I am not sure we need to say anything more. I have confirmed with the IAB that it does not believe the part about moving 2870 to Historic is necessary. Does anyone object to this change?

With regards to the earlier discussions in the last call in the summer, Marc’s message discussed some of the things where an agreement was clearly found. I don’t think I need to report further on that. However, I wanted to highlight a few other items:

I believe there is rough consensus to publish an updated BCP (subject to some detailed clarifications, still ongoing). There was some discussion about whether it is appropriate for the IETF to do this, but my read of the discussion is that the topic was explored and that a reasonable division of work between the RSSAC and IETF exists, even with some roughness of the opinions within the group. The IETF role in this case is to provide high-level requirements for the service. Specifically for this service, even if some broader statements have been made about all nodes previously. But is not our role to enforce anything or deal with the operational issues.

There was some discussion of the meaning of the requirements currently in the document, and whether clarifying text was needed to specify whether they apply to individual nodes or the service. Michael Richardsson (among others) has supported the current text as it really is about the service. This is another topic where there is some roughness in the group, but I believe the initial question has been adequately answered and has at least some support in the group.

A big problem last summer was that we did not yet have a document from the RSSAC. With the stable RSSAC document now available, it is possible to proceed.

From my read of the commentary, the following items may deserve further thought. Marc, can you deal with these?

* Joe Abley’s comment about qualifying the requirement to answer queries from any valid IP address with respect to operational events (such as attacks). While I believe the operational issues are indeed in the RSSAC scope, I think we should qualify our requirement to be subject to operational issues.

* Klaas Wieranga’s Secdir review made a suggestion about privacy related to root queries, and how caching mitigates some of the concerns. Text could be added about this, although it is of course somewhat obvious state of affairs. I’ll leave it to the editor’s discretion what to do here.