Re: draft-housley-two-maturity-levels-00

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I disagree.

For changes such as DNSSEC there is no way to move as many parts of the industry as need to be involved with an Internet draft. Microsoft is not going to implement a draft in Windows Server, neither is Apple. 

Operational experience in this case means at a minimum taking two conformant DNS servers and having them exchange messages successfully. But that is several orders of magnitude less than Internet wide deployment.

But anyone who knows PKI and looks at the current specs knows that what is described there is not sufficient to deploy on. No liability model for a start. And the assumption that a new form of PKI is going to suddenly deploy in three weeks time using a technology base entirely different from X.509v3/PKIX without any concurrence between the two is interesting to say the least.

So when an infrastructure change is being proposed there has to be a starting point for a technical discussion that has a pretty high degree of buy-in, even though the ultimate shape of the infrastructure is unknowable at that point. Most of what is finally deployed as DNSSEC will look like the current proposal. But there will be important differences and those need to be captured.


On Sun, Jun 20, 2010 at 10:41 AM, Dave CROCKER <dhc@xxxxxxxxxxxx> wrote:


On 6/20/2010 11:53 AM, SM wrote:
The reader will note that neither implementation nor operational
experience is required. In practice, the IESG does "require
implementation and/or operational experience prior to granting Proposed
Standard status".


Well, they do not /always/ require it.


That said, the fact that they often do and that we've lived with the reality of that for a long time could make it interesting to simplify things significantly:

  1.  Have the current requirements for Draft be the entry-level requirement for a standard  -- do away with Proposed, not Draft.

  2.  Have a clear demonstration of industry acceptance (deployment and use) be the criterion for "Internet Standard" (ie, Full.)

Having two interoperable implementations required for /all/ new specifications takes care of two interesting questions.

     a.  Whether the specification can be at all understood.

     b.  Whether there is any meaningful industry motivation to
         care about the work.

With these two questions satisfied, the nature of challenges against standardization might tend to be more pragmatic than theoretical.


d/

--

 Dave Crocker
 Brandenburg InternetWorking
 bbiw.net

_______________________________________________



--
Website: http://hallambaker.com/

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]