[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Second OPT IN last call results in postponed decision

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, "'Ólafur Gudmundsson/DNSEXT co-chair'" <ogud@ogud.com>, namedroppers@ops.ietf.org
Subject: Re: Second OPT IN last call results in postponed decision
From: Ted Hardie <hardie@qualcomm.com>
Date: Tue, 04 Feb 2003 15:19:17 -0800
In-reply-to: <CE541259607DE94CA2A23816FB49F4A310FF23@vhqpostal6.verisign.com>

At 01:43 PM 2/4/2003 -0800, Hallam-Baker, Phillip wrote:

Ordinarily the chairs set the process for WG last call. However this is
actually the SECOND last call for opt-in.

http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg00398.html

I went back and re-read that thread and the surrounding threads. I don't
think the wg came to consensus.  Others are welcome to re-read
them and come to their own conclusions.  I saw several different viewpoints
ranging from "Delegation only OPT-IN gives us all the hassle and none
of the advantages" to "OPT-IN is a rope mainly useful for hanging"
with a lot of confusion remaining on what the spec actually said.
At least one of the authors (Roy) indicated that the spec needed
further work before it could go forward.  This is not an unusual result
to a working group last-call, frankly, but it is also not a signal
that the draft is ready.

The result of the last working group last call was that after the
discussion on the list clearly supported opt-in the chairs decided to
take the matter to a forum of their own chosing - the DNS directorate,
even though if you read the IETF process you will see that this is a
step that only the IESG Area Directorate for the WG could take. It is
not a step that Randy was entitled to take.

The DNS Directorate never made any report back to the WG so what exactly
was the point?

This was hashed over many, many times on the mailing list, so I refer
folks back to that.  I'd say DRC's comment and the follow ups are reasonable
places to start:

http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg00742.html

Other starting places and other conclusions are, of course, possible.

So now we are expected to meakly go off again with a second unorthodox
detour because the chairs want to change the rules again?

No, Ted, the chairs do not at this point get the benefit of the doubt.
Not the second time arround.

Splitting the discussion so we hold the discussion on the technical
issues before the requirements appears to be more a filibuster device
than an attempt to focus the debate. The debate was completely focused,
in fact it was so focused it had ended, no technical objections existed.

Again, I went back and looked at the sum total of comments received
during the last call response period.  If it had ended, no one really
bothered to state the conclusions during the last call.  Asking for
an explicit yes seems reasonable to me.

        Given the length of time the group has been discussing this
issue I believe that it strains anyones credulity to claim that there
was a lack of review.

Possibly I'm credulous.  But my experience has been that many
groups lose energy to give real review to specs as they go through
the process.  As Derek put it one of his messages:

One of the real issues is that opt-in severly changes the security
properties of DNSsec in a way that is not completely understood and
without a clear and comprehensive security analysis.  Being a security
person myself I am uncomfortable mucking with security properties
without a clear analysis of the ramifications.  Said cache-poisoning
attacks are one such ramification.  Are there others?  We don't know.
And there-in lies the potential gotchas.

(from http://ops.ietf.org/lists/namedroppers/namedroppers.2002/msg00744.html )

I'd say ensuring that this analysis had been done and had some testing
is a reasonable precursor to moving forward (and I'm very glad to hear that
the write-up from the pre-RIPE meeting will be soon available).

        Or are you arguing that a specification should be held up
because people opposed to it on ideological grounds did not bother to
read it but might have found technical objections had they done so?


Nope.  I'm arguing that requesting a positive assertion that something
is the right thing to do is a reasonable way to gauge a working group's
confidence in a specification.

        In case it is not obvious I am in favour of OPT-IN.

                Phill


In case it is not obvious, I think the quality of the outcome is more important
than adherence to a timetable, and I have occasional heretical thoughts that
it might even be more important than adherence to a particular process.

                                regards,
                                        Ted Hardie




--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Second OPT IN last call results in postponed decision
  - From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: Second OPT IN last call results in postponed decision
Next by Date: Re: DNSEXT WGLC: DNSSEC Opt-in
Previous by thread: Second OPT IN last call results in postponed decision
Index(es):
- Date
- Thread