Re: Last Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Part of the issue with IANA-instruction documents is that they fail to expose the considerations that have motivated the proposed action, and it's this lack of context during the review phase that tends to provoke a critical reaction.

I suspect that what the IESG is asking for is a roundabout way of a consensus call on the proposed instruction to IANA, not publication of the document. (Here I'm reading the whitespace of the IESG text, not their actual words!)

The question of "should it be published?" I interpret as a question of "should the IETF attempt to direct the IANA to create such a registry as a part of an IETF standards action?"

Two subsidiary questions back to the IESG:

    - given that this is not a standards action document, does
      publication of the document as informational constitute a clear
      and definitive instruction to IANA?

    - under the current division of responsibilities between the
      various bodies who claim interest in the DNS, is it the role of
      the IETF to undertake such an instruction to IANA in this DNS
      space?

There are a number of subject-oriented questions about DLV, as distinct from process and role issues that this proposed action also highlights:

- what key should IANA use to sign this DLV registry?

- would this key be any different than a hypothetical key that would be used to sign the DNS root? Why? Why Not?

- is this just an ersatz root signing mechanism? Why is this appropriate given that the alternative is simply a signed root zone?

- in the absence of full signing of the DNS from the root down, just how many DLV spots must a resolver look in? It seems that proliferation of DLV lookup points is no better (and arguably much worse) than the original problem of piecemeal DNSSEC deployment - that of key hunting.

Now I'm sure that the author of this document has answers to these and many more questions, as these considerations are indeed the motivation for the proposed action.

However, without this motivational information available, the proposed action appears to be one that openly admits that the intended deployment model of DNSSEC is now defunct, in which case one wonders whether this change of direction would materially alter DNSSEC's deployment prospects. So, in the absence of such additional material to motivate this instruction to IANA, I'm lead to the response to the IESG that:

1. Should this document be published?

   No - I do not see adequate rational for this instruction to IANA.

2. If so...

    N/A

regards,


  Geoff Huston




_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]