On 27-Oct-2006, at 09:25, Stephane Bortzmeyer wrote:
> On Wed, Oct 18, 2006 at 12:24:22PM -0400,
> The IESG <iesg-secretary@xxxxxxxx> wrote
> a message of 18 lines which said:
>
> > - 'DNSSEC Lookaside Validation (DLV) '
> > <draft-weiler-dnssec-dlv-01.txt> as an Informational RFC
>
> I've read it, and find no stopping issues. I believe that the
> political issue of "who signs the root" is a sufficiently serious
> problem to create a temporary workaround like DLV. Good idea, and the
> document is OK, IMHO.

Apologies to all concerned if I'm rudely pointing out the elephant in
the living room.

This is one of two separate specifications for DLV. The document at
http://www.isc.org/pubs/tn/isc-tn-2006-1.txt
describes an approach called "DNSSEC Lookaside Validation (DLV)"
which uses the same DLV resource record specified in RFC 4431. This
specification is implemented in BIND 9, as far as I know.

I haven't compared draft-weiler-dnssec-dlv-01 with the ISC tech note
closely, but since the text is different it seems likely that
implementations based on one would likely differ from those based on
the other, from different interpretations of the text if not from
fundamental differences in approach.

I am certainly not trying to promote one of these documents over the
other. However, given that the documents are potentially different
and that there's such an obvious overlap (e.g. in name and in the use
of the DLV RR) it seems to me that there is great potential for
confusion.

I would suggest that at the very least, draft-weiler-dnssec-dlv ought
to contain an informative reference to the ISC specification, and a
prominent note that the implementation of DLV in BIND 9 is based on
the ISC specification, and not this document.

In addition, the IANA Considerations section of this document
requests that IANA should create and operate a DLV registry. Since
there is another DLV registry already in operation (run by ISC, using
BIND 9 and hence based on the other DLV specification) this is
additional scope for confusion. Any differences between an IANA DLV
registry and the ISC DLV registry ought to be made clear to potential
users, and it would seem sensible to direct the IANA in that manner
in this document.

Failing to draw attention to these issues would be a disservice to
readers of this document, and would likely lead to interoperability
problems and confusion. This would appear to be in conflict with the
primary goal of this document, which is presumably to facilitate the
expedient deployment of DNS security.

Joe

(once an employee of ISC, friends with the authors of both
specifications, not currently a DLV user, and no axe to grind in any
direction)
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf