[dnsext] Clarifying a few points in Re: Update to RFC 5155. Maybe?

Edward Lewis <ed.lewis@neustar.biz> Wed, 19 December 2012 14:48 UTC

From: Edward Lewis <ed.lewis@neustar.biz>
In-Reply-To: <95C76953-2D89-4EBC-86D7-BDBBE0379041@neustar.biz>
Date: Wed, 19 Dec 2012 09:48:32 -0500
Message-Id: <5DE8AF7F-92B3-48C8-8F5D-6800C4ED4B63@neustar.biz>
References: <20121206211100.14488.62562.idtracker@ietfa.amsl.com> <82AEB125-F110-40A1-A527-F18BB567EBE4@neustar.biz> <50CAF418.5060304@nlnetlabs.nl> <6B0BDF89-EDEB-44AF-83E8-6EDC599B3DAD@neustar.biz> <33CB3A55-89FE-4ABA-A9F8-0C537FADC15A@neustar.biz> <20121217203354.0B2E62D200AD@drugs.dv.isc.org> <95C76953-2D89-4EBC-86D7-BDBBE0379041@neustar.biz>
To: dnsext mailing list <dnsext@ietf.org>
Cc: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: [dnsext] Clarifying a few points in Re: Update to RFC 5155. Maybe?

First, thanks to those who posted to the list, I don't want to stem the tide now.  Keep thoughts coming.

But two things popped up in the responses so far that I can provide some clarifying comments on:

One, about "compliance" - yes, I was saying that no implementations were fully compliant because they didn't allow pick-and-choose opt-out.  But the comment is driven by some other thoughts.  The IETF claims "running code and rough consensus," but the running code today differs from the spec.  And as an operator I hear "the IETF wants operators to come in and help," but my observation is that when a protocol seems confusing and results in higher support costs, the spec still holds sway.  I was hoping that there'd be willingness to bring the spec into the reality space and not remain in the conceptual space.

Two, about the need or not for the wildcard NSEC3 in the proofs - that idea came from an off-list conversation with someone who derived the NSEC3 idea and document.  Unfortunately, that was private communication and not on the list, so I have to shuttle back and forth the ideas.  (This is why I want the discussion to remain on the open, transparent list.)

I'll wait for a few more comments before updating what I am thinking.  I want to encourage folks to pitch in, as this is a working group effort.  It's not about anyone's individual perspectives or opinions.