draft mhsds minutes from Seattle IETF
Allan Cargille <cargille@cs.wisc.edu> Thu, 21 April 1994 21:43 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa21531; 21 Apr 94 17:43 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa21527; 21 Apr 94 17:43 EDT
Received: from [129.179.91.44] by CNRI.Reston.VA.US id aa20163; 21 Apr 94 17:43 EDT
Received: from mercury91.udev.cdc.com by sequoia.udev.cdc.com; Thu, 21 Apr 94 16:19:25 -0600
Received: by mercury.udev.cdc.com; Thu, 21 Apr 94 16:04:51 -0500
X-From: cargille@cs.wisc.edu Thu Apr 21 16:04 CDT 1994
Received: from zeus.cdc.com by mercury.udev.cdc.com; Thu, 21 Apr 94 16:04:49 -0500
Received: from calypso.cs.wisc.edu by zeus.cdc.com; Thu, 21 Apr 94 16:04:32 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Allan Cargille <cargille@cs.wisc.edu>
Message-Id: <9404212104.AA09416@calypso.cs.wisc.edu>
Received: by calypso.cs.wisc.edu; Thu, 21 Apr 94 16:04:28 -0500
Subject: draft mhsds minutes from Seattle IETF
To: mhs-ds@mercury.udev.cdc.com
Date: Thu, 21 Apr 1994 16:04:27 -0500
Organization: Univ of Wisconsin
Phone: +1 608 262-5084
Fax: +1 608 262-9777
X-Mailer: ELM [version 2.4 PL23]
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Length: 8455
Hello MHSDS folk, Here are my edited notes from the mhsds meeting in Houston. Kevin Jordan will edit the final version, so please send corrections to him (Kevin.E.Jordan@cdc.com). Cheers, allan ====================================================================== IETF MHS-DS Working Group meeting Seattle, Washington March 29, 1994 Draft version by Allan Cargille Final Editing to be done by Kevin Jordan Kevin Jordan summarized three major changes that have been made in the documents: 1. Use of directory to support mapping - especially missing address components - for example, in Germany often the Organization attribute is not used but OUs are used. - There is a major change in where the mapping rules will be stored. Now all rules will be stored under O=Internet, OU=X.400/RFC 822 Mapping. CN=X.400 to RF822 or CN=RFC822 to X.400. The X.400 tree has C, ADMD, etc. The 822 tree has top-level domain, 2nd domain, etc. - This keeps all the information under one subtree and makes it possible to easily replicate the whole subtree. Experts do not expect the mapping rules to grow much larger than the present size. This also makes it much easier to copy entire mapping rules into directory from tables. Replication is standard in the X.500 1992/93 spec, and can supports replicating entire subtrees. 2. Bilateral vs multi-lateral agreements. BilateralTable attribute is a sequence now. Small editorial note -- Need to change OID value in document to a new one (the old OID was used even though the definition was changed). This feature can now support multi-party agreements or truly private agreements. 3. Change to default routing failure action at country level (now it is the same as for any other level). Discussion -- minimum profile: Is this valuable? It contains errors. Is this document necessary? The minimum is so small that it will hurt things because not enough functionality is demanded of implementations. Another example of where a weak minimum profile was the minimum profile for RFC987 in the COSINE MHS Community -- it discouraged deployment of fully functional gateways. Decision - do not progress the current document. However, a minimum profile should be a useful document, it should just contain enough functionality as to be truly useful. Decision: implementors will discuss and agree on a minimum profile (Kevin Jordan and implementors of other implementations). Discussion -- terminology in minimum profile: The issue of the terminology used in the document was raised: "may", "should", and "shall" in regard to exactly what is mandatory, suggested, and optional. This could be specified in the routing document, but it is simpler to keep in a separate document because the routing document is so complex. Someone commented that if we do not clean up the current language then the RFC editor will insist on it when the document is progressed anyway. Action - Kevin Jordan discuss with implementors, discuss on list. Review of Long Bud status. - Authors have made some changes. Action - produce new draft by end of April - Sylvain (editor). Progress if agreement is reached on the list. - Some tools are available on anonymous ftp from ftp.css.cdc.com in pub/mhs-ds/long-bud/software listOT - list Open Tree - written in Duaperl pingMTAs - finds MTAs and tests connections to them. The current version Uses CDC products in the tool. Kevin will try to make the necessary components publicly available. Perhaps PP has the necessary functionality already available. same kinds of tools available. Written in DuaPerl. upload-2.0 - accepts routing/mapping tables in RFC1465 format, creates corresponding information in the Open Tree. Needs to be updated for new version of the specs. Written in C and awk. getRouting - opposite of upload above, downloads tables from directory. Written in C. Comment - It would be nice if someone could rewrite these tools in DuaPerl -- any volunteers? <Kevin showed a few slides containing output of tools> Question - domains with no MTA listed, is this a problem? Should they be deleted? Conclusion was that this seems OK. Another problem is that some MTAs are listed but they do not accept connections from any other MTA. Problem - In the US, MTAs are listed that don't exist. Need to be cleaned up. Should talk to them, get them to upgrade service. Perhaps some sites like Merit and Mitre will participate again? Action item for Wisconsin project. MTAs which do not exist any more should be deleted from the open tree. US/ATTMAIL/CDC, ESNET - are mastered at CDC US/TELEMAIL/arc (NASA) - is mastered at NASA Question - Can all sites see the same thing? Yes, this is just a list of info from the directory. PingMTA tool may see different results based on connection permissions, or they can also be affected by timeouts, chains, referrals, etc. PingMTAs - tries to connect to all listed MTAs. Some problems found using this: - registered, but non-existent MTAs (remove) - registered, but unmanaged MTAs - mostly US (remove) - registered, but mostly unreachable domains (add routing info) - missing authentication requirements (add them where truly needed) Need to register default routes to make all existing domains in the GO-MHS community routable via the X.500 Directory. Base initial routes upon RARE tables where necessary; use authentication requirements where needed. Question - we have assumed an open tree where MTAs will accept connections from any calling MTA. Is this a valid model? Each MD must list an MTA which will be openly accessible from any calling MTA. This approach is simpler. An alternate approach would be to reflect the current GO-MHS community in the directory with Multilateral agreements. Each ADMD, PRMD, O, OU lists an MTA. Discussion: why would people operate "closed" MTAs? Urs reported that SWITCH blocks out unknown MTAs because incoming connections can ship you anything they want, and routing this mail can cost them money (over expensive links, or to costly commercial destinations). After discussion, the group strongly reaffirmed that open tree MTAs should be willing to accept connections from anyone. It is also noted that it is technically possible to establish a closed community with MTA information at one location in the tree in the current draft of the routing specification, but this approach will not be taken in the LONGBUD pilot. Question - what mandatory stacks that should be supported for each domain? This was not specified in the current draft. Possible stacks are RFC1006, CLNS, X.25. The decision was that initially RFC1006 is the mandatory stack, and other stacks may optionally be used. This should be added to the Longbud draft. Discussion - DSA problems: - existing infrastructure is too unreliable for routing. - need to establish more replication. - need to establish more explicit backup DSAs. Problem with top-level servers, especially the US server. It is unavailable often, perhaps due to crashing. There is a need for a more reliable US top-level X.500 server. In light of this problem, Kevin proposed the following replication strategy: To Start: - pick 2 DSAs in US and two in Europe: CDC? InterNIC? NASA? France (Sylvain), SWITCH, or ULCC (Linda). (ULCC runs a worldwide root server.) - Each DSA has complete replica of top levels. - Each MHS-DS entry must have at least one backup DSA attribute. - backupDSA attribute should reference DSA on other side of ocean. - Each core DSA will accept request for bilateral replication agreements from any DSA manager that asks. To Expand: - establish a more methodical, more scalable approach. This is an unsolved problem. Question - Peter Kirstein - has anyone investigated what the problems are with the DSA reliability? Is this published? Answer - Yes, once/week to DSA national managers and osi-ds list. Probes are only from NeXor, which may make the data suspect because there may be problems with transatlantic lines or timeouts. It would also be good for someone to do probes in the US - can CDC do these? Or another site? Peter K - can test from anywhere in US, but it needs to be national master. There are 3 root-level DSAs in the US, but availability is not good. Linda - ULCC does measurements of DSA reliability - there is a problem with the US master DSA. European DSAs are more reliable. The meeting was wrapped up.
- draft mhsds minutes from Seattle IETF Allan Cargille
- Re: draft mhsds minutes from Seattle IETF Steve Kille