Re: Last Call: 'DNSSEC Lookaside Validation (DLV)' to Informational RFC (draft-weiler-dnssec-dlv)

On 27-Oct-2006, at 09:25, Stephane Bortzmeyer wrote:

> On Wed, Oct 18, 2006 at 12:24:22PM -0400,
>  The IESG <iesg-secretary@xxxxxxxx> wrote
>  a message of 18 lines which said:
>
>> - 'DNSSEC Lookaside Validation (DLV) '
>>    <draft-weiler-dnssec-dlv-01.txt> as an Informational RFC
>
> I've read it, and find no stopping issues. I believe that the
> political issue of "who signs the root" is a sufficiently serious
> problem to create a temporary workaround like DLV. Good idea, and the
> document is OK, IMHO.

Apologies to all concerned if I'm rudely pointing out the elephant in the living room.

This is one of two separate specifications for DLV. The document at

  http://www.isc.org/pubs/tn/isc-tn-2006-1.txt

describes an approach called "DNSSEC Lookaside Validation (DLV)" which uses the same DLV resource record specified in RFC 4431. This specification is implemented in BIND 9, as far as I know.

I haven't compared draft-weiler-dnssec-dlv-01 with the ISC tech note closely, but since the text is different it seems likely that implementations based on one would likely differ from those based on the other, from different interpretations of the text if not from fundamental differences in approach.

I am certainly not trying to promote one of these documents over the other. However, given that the documents are potentially different and that there's such an obvious overlap (e.g. in name and in the use of the DLV RR) it seems to me that there is great potential for confusion.

I would suggest that at the very least, draft-weiler-dnssec-dlv ought to contain an informative reference to the ISC specification, and a prominent note that the implementation of DLV in BIND 9 is based on the ISC specification, and not this document.

In addition, the IANA Considerations section of this document requests that IANA should create and operate a DLV registry. Since there is another DLV registry already in operation (run by ISC, using BIND 9 and hence based on the other DLV specification) this is additional scope for confusion. Any differences between an IANA DLV registry and the ISC DLV registry ought to be made clear to potential users, and it would seem sensible to direct the IANA in that manner in this document.

Failing to draw attention to these issues would be a disservice to readers of this document, and would likely lead to interoperability problems and confusion. This would appear to be in conflict with the primary goal of this document, which is presumably to facilitate the expedient deployment of DNS security.


Joe

(once an employee of ISC, friends with the authors of both specifications, not currently a DLV user, and no axe to grind in any direction)

