Part of the issue with IANA-instruction documents is that they fail to
expose the considerations that have motivated the proposed action, and
it's this lack of context during the review phase that tends to provoke
a critical reaction.
I suspect that what the IESG is asking for is a roundabout way of a
consensus call on the proposed instruction to IANA, not publication of
the document. (Here I'm reading the whitespace of the IESG text, not
their actual words!)
The question of "should it be published?" I interpret as a question of
"should the IETF attempt to direct the IANA to create such a registry as
a part of an IETF standards action?"
Two subsidiary questions back to the IESG:
- given that this is not a standards action document, does
  publication of the document as informational constitute a clear
  and definitive instruction to IANA?
- under the current division of responsibilities between the
  various bodies who claim interest in the DNS, is it the role of
  the IETF to undertake such an instruction to IANA in this DNS
  space?
There are a number of subject-oriented questions about DLV, as distinct
from process and role issues that this proposed action also highlights:
- what key should IANA use to sign this DLV registry?
- would this key be any different than a hypothetical key that would be
  used to sign the DNS root? Why? Why Not?
- is this just an ersatz root signing mechanism? Why is this appropriate
  given that the alternative is simply a signed root zone?
- in the absence of full signing of the DNS from the root down, just how
  many DLV spots must a resolver look in? It seems that proliferation of
  DLV lookup points is no better (and arguably much worse) than the
  original problem of piecemeal DNSSEC deployment - that of key hunting.
Now I'm sure that the author of this document has answers to these and
many more questions, as these considerations are indeed the motivation
for the proposed action.
However, without this motivational information available, the proposed
action appears to be one that openly admits that the intended deployment
model of DNSSEC is now defunct, in which case one wonders whether this
change of direction would materially alter DNSSEC's deployment
prospects. So, in the absence of such additional material to motivate
this instruction to IANA, I'm led to the response to the IESG that:
1. Should this document be published?
No - I do not see adequate rationale for this instruction to IANA.
2. If so...
N/A
regards,
Geoff Huston
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf