Olaf M. Kolkman wrote:
Although IANA is in a unique position that it has an established
relation with the TLD operators and the number registries for the
domains under in-addr.arpa, it is not the only party that could offer
How much of the IAB's concern is that it's under .arpa, and how much
is the concern that IANA will be unable to (afford to) do this work?
If having the DLV under olaf.NLnetLabs.nl (or some other convenient
prefix) solves enough of the concern, could we address the IANA requirements
separately?
The establishment of the DLV registry bootstraps on relations that IANA
maintains with the TLDs on the basis of the maintenance of a space that
is specifically outside the scope of the MOU between the IETF and IANA.
This suggests that actually, the IETF is not the only organization that could
ask IANA to do this. IANA could do it on their own, for instance.
We feel that by stepping over this boundary we would also get involved
in some of the policy issues regarding the "forward" name space. That
there are policy issues with getting the root signed is duly known. So
if the IETF were to establish this DLV registry in .arpa, then that
might be seen as an attempt to outrun the policy making process. We
therefore feel that the IETF should be extremely careful in making a
request of this sort.
I think... there is too much thinking occurring!
Just do it.
The IAB, obviously, favors expedient deployment of DNSSEC in the DNS root.
It still hasn't happened. If it were going to happen quickly, it would
already be done. I don't see it happening in a reasonable amount of time.
However, the IAB does not support the establishment of a domain under
.arpa combined with a request from the IETF to IANA to establish such a
service as that would implicitly be based on the MOU between RFC3172.
However,
- if there is IETF wide consensus on a proposal to establish a .arpa zone;
- if such proposal would deal with the 'competition' issues mentioned
above;
- if such proposal should contain much more detail on how to establish
and maintain authentic DLV entries;
- and if said proposal describes the other requirements for such
registry such as key management;
then given such IETF consensus the IAB will explore how such registry
can be established without violating the MOU.
Thanks for leaving the conversation open.
It sounds like the IAB would be happy to create such a zone if it wasn't
IANA doing it, i.e. other than the competition issue, the IAB is not opposed
to dnssec.arpa.
Contrary to what I write above, that the IAB is actually more concerned about
IANA than about .arpa pollution?
The competition issue is, I think, moot. Anyone can start a DLV.
IANA already has a monopoly on various numbers/name spaces. It does no
politics about which zones can be created/deleted/etc. It just maintains
relationships. IANA has no monopoly on having relationships with all the TLDs
and reverse zone owners, but IANA already has those relationships. We just
want to leverage them.
It seems that if IANA were to create dlv.iana.org, that there could be no
concern from the IAB about giving IANA a privileged position in .arpa. Is
this correct?
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf