IETF Logo Mail Archive

Re: IAB agendas now public

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 05 September 2018 16:30 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBA5A130DC3 for <ietf@ietfa.amsl.com>; Wed, 5 Sep 2018 09:30:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.503
X-Spam-Level:
X-Spam-Status: No, score=-1.503 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.146, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VBDBTX7C3rqT for <ietf@ietfa.amsl.com>; Wed, 5 Sep 2018 09:30:32 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9A8F12426A for <ietf@ietf.org>; Wed, 5 Sep 2018 09:30:32 -0700 (PDT)
Received: by mail-oi0-x229.google.com with SMTP id r69-v6so14813041oie.3 for <ietf@ietf.org>; Wed, 05 Sep 2018 09:30:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=bnqIxqNwg/ocep0wISe//I3KcKo7u8xnGaxyDEQc7TU=; b=Gp/pBobmZzjkQEV+YqRyq6kpboIIfBh1f/0IGfSG1/f4yE7l2Nv2BRHvTIkRvy1tZk VJQBjB0e8lCZKln/RogSA28pzQFg2cKSMYYsc9WYBp6iyVeXKRTUqypQSF5Io6O1w4Es G9gQePGJJWmZK6EaR16vdvXpq4aIm3DeYRPPF+b1J0zl9f9QkKc8JOYdzBvvF1YCc+bB tHxDLJoZZeN7lJbRZp//kKMzydNHU2nCe12umHBwdWNevQhZqm7EbbQsC0wgY6frQ979 cGyK/r2QVleShqUVXoE/9UCNJ/8KEaMm8vymkACbxawaN9RCZftGDjWw30Kkl48cBxX/ SoDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=bnqIxqNwg/ocep0wISe//I3KcKo7u8xnGaxyDEQc7TU=; b=denKINljvWft9dblTd1A6UjFfJDIOUbIqodaTyuQgsE/gzRniRzB7aemvy7AjIr9FO sBY8/zbr6ZRzEogect0nMShvWjhv4zODIDsXlX54+BImckB3AIHnPejZQp1aT0Yekwc8 nut3o1tRpvTcCRNpIokfD2G5dEoO3VCujBFDNWaQ2yd3FAFiCnhtwzNjwe5U1j4VQSVX Gnx9gsoXM9lMvKad20airl0g5pHGLsFQF6Xuyyf6xTYOIk9lJI3qRZZeSIzk6zkGOqvU +gbLCWhEd1VWf0fW30YjG+1TbSyOjGJMg0mNZ1uqt80Z+cZRh/6GPK1vwEUKrB5XJeFa UphQ==
X-Gm-Message-State: APzg51DlieEK8kiZ0I3Me1S96JLGcYXYhk1olDyN37H5XUy14nOQLzTd VFEfaJiMdR7mDin/M5rZNOE/uYNsONELSzzTdk8=
X-Google-Smtp-Source: ANB0VdZXo++dGlBwSh36UeYZz/kGeG42jsCMZLGm77xUSmdc+mTklH7HuMb6VmN5q1UTvjK1BJONELa/+MBX1/F0hIM=
X-Received: by 2002:aca:18d:: with SMTP id 135-v6mr29137936oib.2.1536165031999; Wed, 05 Sep 2018 09:30:31 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 2002:a9d:27c8:0:0:0:0:0 with HTTP; Wed, 5 Sep 2018 09:30:31 -0700 (PDT)
In-Reply-To: <CA+9kkMCGNpFQGwEYZzn3CcOAdz_-GGMCP-N4jX_YuJ8tri0Bxw@mail.gmail.com>
References: <b4afddcc-e8dc-9bd8-03d3-6374c29c4749@iab.org> <m2a7ownhl0.wl-randy@psg.com> <BC35696A-D4A6-47EA-A85C-EB472E42596E@lucidvision.com> <CA+9kkMCGNpFQGwEYZzn3CcOAdz_-GGMCP-N4jX_YuJ8tri0Bxw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 05 Sep 2018 12:30:31 -0400
X-Google-Sender-Auth: KPgUKzudA4g2B-quCGMpUwTocTI
Message-ID: <CAMm+LwiEhXxW248vJF7=WaEqST=krvPgL22rS=jswa6qcvwb0w@mail.gmail.com>
Subject: Re: IAB agendas now public
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Thomas Nadeau <tnadeau@lucidvision.com>, IAB Chair <iab-chair@iab.org>, IETF <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000c7fdb0575224bbf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/oHK09YbZ9_B6lAk1NuUDONLZ944>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Sep 2018 16:30:35 -0000

As with almost any institution that is 30 years old, the IETF considers
itself to be a newcomer when it is actually approaching its mid-life
crisis.

One of the biggest malfunctions in the IETF is that since the Kobe meeting,
it has not been allowed to do architecture or only allowed to do it in ways
that have the least influence possible. And we need a group that is
thinking about architecture and can make recommendations that have broad
consensus across the IETF.

To do that, IAB meetings have to be open and include all the stakeholders
for a particular issue. Because what is important is not what the decision
is but who is going to follow it.


Right now, I see a lot of interesting work going on in service discovery.
People are starting to realize that the principal benefit of DNSSEC is not
that it eliminates the need to trust the local DNS resolver, it is that it
eliminates the need to use the local DNS resolver at all.

No-resolver DNS is a powerful idea. So is the idea of not using DNS as the
client-resolver protocol and using a protocol designed to enable service
discovery that is as fast and as expressive as possible.

But getting movement there right now is really hard because the problem is
split between a number of different IETF areas. There is the applications
area which consumes the discovery service and there is the DNS area that
maintains the authoritative service and then we have a series of WGs that
each demand that they 'own' one piece of the problem and absolutely refuse
to listen to any requirements other than the exact set of requirements that
justify the exact solution that they came up with in the first place.


Another problem with the lack of architectural direction I see is that we
don't have a group that is able to say 'that is a great point solution,
other people want to do similar, now propose a general framework'. For
example, the MX record was proposed very early in the history of DNS and
was clearly essential for service scalability. Yet it took us a decade to
generalize as SRV and another decade to establish SRV+TXT records as the
principle service discovery mechanism. Meanwhile we have had DANE throw in
a service description attribute record but only for one transport protocol
and only for one trust model and even though it has seen precisely zero
adoption in the WebPKI world, it is apparently the only security policy
approach we are permitted to consider.

The TRANS/CT notary infrastructure is great as a mechanism for notarizing
PKIX certs. But do we really want to build on that point solution for every
other application that needs a notary? Maybe we do, maybe we don't but at
least there should be people asking whether that is the right approach or
if we should treat that as the MX record proof of concept, the special case
for the WebPKI and do something else for the general case.

I would like to see at least some part of the organization do a post mortem
on past efforts to ask whether they went wrong because what they were
trying to do is impossible, because they were doing it in the wrong way or
because there was a necessary pre-condition that was not met. My position
on security policy for the past 15 years has been that it is one of the two
most important security problems we need to solve, that devising a language
for specifying security problem is not difficult.

The biggest deployment obstacle I see is that the security policy records
are useless unless they are accurate and they will never be accurate unless
there is an automated infrastructure for service management. The biggest
technical challenge is what the client is to do when it detects a security
policy violation. And that is really difficult to even get people to
discuss because what people imagine to be a 'common sense approach' tends
to be impossible to reduce to code because it requires a different response
to use cases that the client cannot distinguish based on the information
available to it when it makes the decision.



On Wed, Sep 5, 2018 at 10:50 AM, Ted Hardie <ted.ietf@gmail.com> wrote:

> As you'll note from following the link provided, that is on today's
> agenda.  Thanks for your input into the agenda item.
>
> regards,
>
> Ted Hardie
>
> On Wed, Sep 5, 2018 at 7:31 AM, Thomas Nadeau <tnadeau@lucidvision..com
> <tnadeau@lucidvision.com>> wrote:
>
>> +1
>>
>> All of these meetings should be.
>>
>> —Tom
>>
>>
>>
>> > On Sep 5, 2018, at 10:29 AM, Randy Bush <randy@psg.com> wrote:
>> >
>> >> At the IETF 102 plenary session there was a request to the IAB to make
>> >> its agendas public in advance of its meetings, so that interested
>> >> members of the community could contact the IAB regarding items on the
>> >> agenda.  The IAB agreed, and the draft agendas will be available at:
>> >
>> > my memory is that the critical request that the iab follow the iesg's
>> > lead and make the meeting o-p-e-n.  and i fully and strongly support
>> > that request.
>> >
>> > randy
>> >
>>
>>
>

v2.23.0 | Report a Bug | By Email