Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-syncronization-02.txt> (Child To Parent Synchronization in DNS) to Proposed Standard
manning <bmanning@karoshi.com> Wed, 13 August 2014 06:36 UTC
Return-Path: <bmanning@karoshi.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE1E01A7004 for <ietf@ietfa.amsl.com>; Tue, 12 Aug 2014 23:36:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ol_poKJUXjtk for <ietf@ietfa.amsl.com>; Tue, 12 Aug 2014 23:36:36 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2429C1A6FFF for <ietf@ietf.org>; Tue, 12 Aug 2014 23:36:36 -0700 (PDT)
Received: from [192.168.0.3] (cpe-23-241-118-60.socal.res.rr.com [23.241.118.60]) (authenticated bits=0) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id s7D6ZRDx003289 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 12 Aug 2014 23:35:50 -0700 (PDT)
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-syncronization-02.txt> (Child To Parent Synchronization in DNS) to Proposed Standard
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
Content-Type: text/plain; charset="windows-1252"
From: manning <bmanning@karoshi.com>
In-Reply-To: <1304AB88-311E-4516-BE2C-E23B4A41604D@ogud.com>
Date: Tue, 12 Aug 2014 23:35:25 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <4F5B46CF-0FC4-4F73-8AD3-2C3F5489417F@karoshi.com>
References: <20140808151621.1148.70609.idtracker@ietfa.amsl.com> <53E7D16B.3020301@bogus.com> <m2zjfbx31s.wl%randy@psg.com> <1304AB88-311E-4516-BE2C-E23B4A41604D@ogud.com>
To: Olafur Gudmundsson <ogud@ogud.com>, Ihrn Johan <johani@autonomica.se>
X-Mailer: Apple Mail (2.1878.2)
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: bmanning@karoshi.com
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/oPbNygUpisIWcOB0W9JWCpY2KQo
X-Mailman-Approved-At: Wed, 13 Aug 2014 08:49:03 -0700
Cc: IETF Disgust <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Aug 2014 06:36:41 -0000
If you have not already done so, you should talk to Johan Ihrn. About 8 years ago, he and a few others hammered much of the parent/child signaling/sync issues that you and Warren are revisiting now. There was some documentation, but it never made the IETF. /bill On 12August2014Tuesday, at 19:23, Olafur Gudmundsson <ogud@ogud.com> wrote: > > On Aug 10, 2014, at 8:50 PM, Randy Bush <randy@psg.com> wrote: > >> as the threat models seem similar why do we need two separate >> mechanisms, one for NS >> draft-ietf-dnsop-child-syncronization-02.txt >> and one for DS >> draft-ietf-dnsop-delegation-trust-maintainance-14.txt >> >> randy >> > > Well there are two things going on here. > > 1. Rules for child expressing how to indicate new trust anchor along with acceptance rules for parent > 2. Child signaling to parent please update “these types” from my zone in the delegation information i.e. NS change or glue changes. > > Warren and I started doing #1 first as that was more critical to our thinking, once people saw that we could update > TA info with DNSSEC in place a light bulb went off and people realized much of mundane delegation maintenance could be automated. > While pushing this through we had to fight get people to realize that there are many different relationships between the parties that > a) operate parent DNS > b) operate DNS for child > c) child > d) Intermediary that handles transaction to create the delegation (i.e. registrar) and processes updates from Child. > > When maintaining delegation information strictly speaking only a) and b) need to be involved but in some cases d) insists to be in the middle > and frequently forces c) to perform some manual action. > #1 tried hard to avoid expressing operational models other than polling and I envision that a better automated model will be created > around CSYNC, which would express if there is a CDS and/or CDNSKEY for parent to consume. > > The WG told DNSOP chairs that they wanted the documents separate even when editors volunteered to merge them. > > Olafur >
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… Warren Kumari
- Re: Last Call: <draft-ietf-dnsop-child-syncroniza… Patrik Fältström
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… joel jaeggli
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… Randy Bush
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… George Michaelson
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… Olafur Gudmundsson
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… manning
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… 神明達哉
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-sy… Wes Hardaker