Re: Last Call: draft-weiler-dnssec-dlv-iana (DNSSEC Lookaside Validation (DLV) IANA Registry) to Informational RFC

I've sent private comments on the draft already, as I see the draft as an underspecification of what is required to operate a registry (a registry is not just DNS). None of those comments are significant enough for a broad audience, just requesting better descriptions of the work needed to perform the service.

At 9:27 -0400 8/24/07, Thomas Narten wrote:
> Geoff Huston <gih@xxxxxxxxx> writes:
>
> > - is this just an ersatz root signing mechanism? Why is this appropriate
> > given that the alternative is simply a signed root zone?

It is appropriate because this is a technical solution from a technical organization to the non-technical obstacles to a signed public Internet root zone. The alternatives for the IETF are to do nothing or try to make an appeal on a non-technical basis. But...

> Thus, it strikes me that this is embracing and extending DNSSEC. That
> might be OK, if the relevant DNS WGs agreed that DNSSEC needed such
> "help". But, as far as I can tell, the relevant DNS WGs have not
> embraced this approach.

...DNSSEC's lack of adoption may be because of the tradeoff of cost of deployment and benefit, not merely an unsigned public Internet root. DLV isn't an approach that will guarantee to break open the flood gates of DNSSEC adoption.

> I would be troubled to see this go forward (with _any_ sort of IETF
> seal of approval), without the consensus of the relevant IETF DNS
> community behind it.

Getting the public Internet root signed is more significant to me. If that root zone isn't signed, I'd take it as a sign that DNSSEC is not worth the cost. The public Internet root zone is a role model. If the case for DNSSEC can't be made "up there" then the case might not be made "down here." I think that the non-technical approach, albeit not the IETF's strength, is more appropriate than further tinkering with the protocol and implementations. That's because I don't like the implications of the tinkering I see needed to make this work.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.
