last call discussion status on draft-iab-2870bis

[Jari Arkko <jari.arkko@piuha.net>]

I wanted to come back to the status of the discussions.

We have an ongoing discussion of the changes Marc made on the -02. My read of the feedback is that the update has done the right things, but:

1) Paul Hoffman’s clarifications & editorial changes seem useful, but I would like to hear what others think. Marc, you should respond to those as well.

2) Mark Andrews’ suggestion of further requirements regarding reserved bits was discussed, but should proceed separately.

3) Mark Andrews' suggestion of further requirements regarding EDNS0 has not been discussed, but I would note that at this stage we should not add major requirements without substantial community portion indicating that this is needed. I’m not hearing it.

4) I’ve also received feedback from IESG members that the text about moving 2870 to Historic in Section 1.1 could be problematic. While I’m not sure that is necessarily the case, I think this draft merely replaces 2870, so I am not sure we need to say anything more. I have confirmed with the IAB that it does not believe the part about moving 2870 to Historic is necessary. Does anyone object to this change?

With regards to the earlier discussions in the last call in the summer, Marc’s message discussed some of the things where an agreement was clearly found. I don’t think I need to report further on that. However, I wanted to highlight a few other items:

I believe there is rough consensus to publish an updated BCP (subject to some detailed clarifications, still ongoing). There was some discussion about whether it is appropriate for the IETF to do this, but my read of the discussion is that the topic was explored and that a reasonable division of work between the RSSAC and IETF exists, even with some roughness of the opinions within the group. The IETF role in this case is to provide high-level requirements for the service. Specifically for this service, even if some broader statements have been made about all nodes previously. But is not our role to enforce anything or deal with the operational issues.

There was some discussion of the meaning of the requirements currently in the document, and whether clarifying text was needed to specify whether they apply to individual nodes or the service. Michael Richardsson (among others) has supported the current text as it really is about the service. This is another topic where there is some roughness in the group, but I believe the initial question has been adequately answered and has at least some support in the group.

A big problem last summer was that we did not yet have a document from the RSSAC. With the stable RSSAC document now available, it is possible to proceed.

From my read of the commentary, the following items may deserve further thought. Marc, can you deal with these?

* Joe Abley’s comment about qualifying the requirement to answer queries from any valid IP address with respect to operational events (such as attacks). While I believe the operational issues are indeed in the RSSAC scope, I think we should qualify our requirement to be subject to operational issues.

* Klaas Wieranga’s Secdir review made a suggestion about privacy related to root queries, and how caching mitigates some of the concerns. Text could be added about this, although it is of course somewhat obvious state of affairs. I’ll leave it to the editor’s discretion what to do here.

Jari