[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: DNSEXT WGLC: DNSSEC Opt-in
At 11:55 AM 2/4/2003 -0800, Hallam-Baker, Phillip wrote:
> Default action: if there is NO response to these questions
> Opt-in document
> will be removed from the working group.
That is a curious choice of default action. OK I will state for
the record yet again.
Without OPT-IN there is no prospect of DNS-SEC being deployable
in the large zones. OPT-IN thus meets a critical requirement for
which no competeing solution has been proposed.
The working group chairs asked for us to first consider the question of
whether this draft sufficiently specifies the mechanisms it proposes.
They asked to delay the question of whether it is required for
deployment until that question has been answered. That seems
to me a reasonable process, as it gives us a focused topic. That
does not mean the second question will not be considered.
The choices facing this group are therefore
1) Accept Opt-in
2) Abandon DNS-SEC
The lack of technical objections in last call is more usually taken
as an indication that there are no technical objections to the
proposal.
The lack of technical commentary can indicate a lack of
review, rather than a lack of objections. Requesting
comments (positive or negative) is a way of ensuring the review
occurs.
> Note: We are only asking the technical questions about
> Opt-in, the political
> question if we want to standardize this will be addressed if the
> technical questions are affirmative.
If you don't want to discuss the requirement then the only thing
that is left to discuss is technical objections. So silence can
only mean consent.
See above.
> Q: Is the description in the document of Opt-In complete ?
How on earth is this meant to get a positive response? No IETF
specification has ever been "complete". The authors believe
the draft to be complete or they would not have proposed it
go into last call.
This is a request by the WG chairs for other members of the working
group to state whether or not they concur or can point to
areas where it is not complete.
This appears to me to be yet another attempt to legitimate fuzzy
objections that dare not speak their name as in:
'I'm not happy but I think I'm too important to have to
give reasons why'.
'we have discussed this draft in the context of the TIA project,
objections were raised but they are classified'.
'This draft does not explain the consequences of 20% of
microfleems being subjugdanate'
A compelling requirement has been described. No technical objections
were raised during last call. Therefore the draft should go forward.
Again, the WG chairs asked us to discuss the spec first, then the
question of whether the requirement is or is not compelling.
> Q: Does this document satisfy people as being implement able
> and testable specification ?
It is a heck of a lot more implementable that what we have at presen
I repeat, either the .com issue is addressed or DNSSEC DIES NOW.
If you have *implementation experience* that OPT-IN is better
than DS without OPT-IN, now would be a good time to share it.
> Q: Are there implementations of opt-in and have there been any tests ?
Yes, see comments by Paul.
If you have pointers to results of those tests, that would be valuable.
> The chairs will consider any response received on the mailing list or
> sent privately to BOTH chairs, by February 12'th.
If someone has a technical objection they should be able to discuss it
in public.
I agree that all issues raised should be made public, and I suggest that
the chairs send email to the list summarizing or excerpting any concerns
they receive privately. Since the decision to advance or not
advance the standards will be made on the technical merits of
the review, it should not matter what names are associated with
the review.
regards,
Ted Hardie
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>