DNS Extensions (dnsext)

Andrew Sullivan | 5 Jul 2010 20:06

[dnsext] Reminder: draft charter was posted for discussion

Dear colleagues,

This is a reminder that we posted some time ago a new draft charter
for the WG.  We've had very little feedback on it.  Two of the
responses asked for us to move the timelines; I have resisted those
calls, but I wonder whether others think more aggressive timelines to
be reasonable.

I attach it again here for your convenience.  I have not yet made the
editorial changes suggested by one eagle-eyed reviewer (off list).

This topic will take a considerable chunk of the time we have
scheduled in Maastricht.  The charter represents our commitments to
the rest of the IETF.

If you have opinions on it, it would be nice to hear them.  We expect
to discuss this in Maastricht and then send it along to our AD,
barring any changes.

Best, 

Andrew

--

-- 
Andrew Sullivan
ajs <at> shinkuro.com
Shinkuro, Inc.

DRAFT charter for DNSEXT, 2010-05-28.  SUBJECT TO CHANGE

(Continue reading)

Paul Hoffman | 5 Jul 2010 21:18

Re: [dnsext] Reminder: draft charter was posted for discussion

At 2:06 PM -0400 7/5/10, Andrew Sullivan wrote:
>This is a reminder that we posted some time ago a new draft charter
>for the WG.  We've had very little feedback on it.  Two of the
>responses asked for us to move the timelines; I have resisted those
>calls, but I wonder whether others think more aggressive timelines to
>be reasonable.

More aggressive timelines are possible for the aliasing work, given that if no consensus is possible, the
work could just be killed. They are not possible for things that are supposed to be done.

Current:
June 2010       RFC3597-bis Unknown RR advanced to IESG for PS
July 2010       DNSKEY Registry fixes and allocation procedure advanced to IESG
July 2010       DNSSEC Errata document to IESG
Sept 2010       EDNS0-bis update advanced to IESG
Dec  2010       TSIG/MD5 Obsoleting to IESG
Dec  2010       IXFR-only to IESG
July 2011       WG consensus on new or revised RRTYPEs for DNS tree aliasing
                         work
July 2011       Interoperation testing on new or revised RRTYPEs for
                DNS tree aliasing (particularly with existing deployed code)
Nov  2011       Document on new RRTYPE or revised RRTYPE handling for
                         DNS tree aliasing to IESG
Nov  2011       Document on in-zone metadata for DNS tree aliasing to IESG
Nov  2011       Document on uses and limitations of different DNS tree
                         aliasing techniques to IESG

Proposed:
Aug  2010       RFC3597-bis Unknown RR advanced to IESG for PS
Aug  2010       DNSKEY Registry fixes and allocation procedure advanced to IESG

(Continue reading)

Lawrence Conroy | 6 Jul 2010 02:07

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion

Hi esteemed co-chair, folks,
  Speaking from an ENUM perspective, I trust that the EDNS0-bis draft
can hit the IESG in this timeframe (i.e. a month's time from now).

We were going to put in a specific requirement into ENUM for EDNS0
support, but withdrew this as a general dnsext document was coming.

I for one would be happy to avoid having to add an ENUM-specific doc.

As a datum, we have NAPTR-reading client programs that use EDNS0 by
default and have not heard of widespread problems -- lord knows some
of the .tel domains have large RRsets, and that is also true for some
of the ENUM domains I've seen. It sure is time to make this mandatory.

all the best,
  Lawrence

On 5 Jul 2010, at 19:06, Andrew Sullivan wrote:
> Dear colleagues,
> 
> This is a reminder that we posted some time ago a new draft charter
> for the WG.  We've had very little feedback on it.  Two of the
> responses asked for us to move the timelines; I have resisted those
> calls, but I wonder whether others think more aggressive timelines to
> be reasonable.
> 
> I attach it again here for your convenience.  I have not yet made the
> editorial changes suggested by one eagle-eyed reviewer (off list).
> 
> This topic will take a considerable chunk of the time we have

(Continue reading)

Niall O'Reilly | 7 Jul 2010 10:18

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion

On 05/07/10 19:06, Andrew Sullivan wrote:
> Dear colleagues,
>
> This is a reminder that we posted some time ago a new draft charter
> for the WG.  We've had very little feedback on it.

	FWIW, here is a little more ...

> Two of the
> responses asked for us to move the timelines; I have resisted those
> calls, but I wonder whether others think more aggressive timelines to
> be reasonable.

	Actual delivery of results is more significant than the
	targets expressed in the timelines.  Given the necessary
	enthusiasm, early delivery of results can be achieved
	whether or not the timelines are adjusted.   Without such
	enthusiasm, tweaking the programme isn't going to accelerate
	progress.  I'm for leaving them as they are.

> I attach it again here for your convenience.  I have not yet made the
> editorial changes suggested by one eagle-eyed reviewer (off list).
>
> This topic will take a considerable chunk of the time we have
> scheduled in Maastricht.  The charter represents our commitments to
> the rest of the IETF.
>
> If you have opinions on it, it would be nice to hear them.  We expect
> to discuss this in Maastricht and then send it along to our AD,
> barring any changes.

(Continue reading)

Suzanne Woolf | 7 Jul 2010 13:17

Re: [dnsext] Reminder: draft charter was posted for discussion


Chairs, colleagues,

I'm in general support of the new charter (with all due sympathy to
those who hoped we'd be able to leave the WG peacefully asleep).

On Wed, Jul 07, 2010 at 09:18:38AM +0100, Niall O'Reilly wrote:
> On 05/07/10 19:06, Andrew Sullivan wrote:
> >Two of the
> >responses asked for us to move the timelines; I have resisted those
> >calls, but I wonder whether others think more aggressive timelines to
> >be reasonable.
> 
> 	Actual delivery of results is more significant than the
> 	targets expressed in the timelines.  Given the necessary
> 	enthusiasm, early delivery of results can be achieved
> 	whether or not the timelines are adjusted.   Without such
> 	enthusiasm, tweaking the programme isn't going to accelerate
> 	progress.  I'm for leaving them as they are.

+1 on this too. For all the historic and management reasons already
brought up in the discussion previously, setting conservative
timelines and then beating them is preferable to setting aggressive
ones and failing to meet them. I'm especially concerned about the
effect it will have if we don't include the "Guess this is more
complex than we thought" factor, because (as previously noted, more
than once) tinkering with old, widely deployed protocols probably
can't be done without subtle (and time-consuming) complications.

Suzanne

(Continue reading)

Alex Bligh | 7 Jul 2010 13:27

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion


--On 7 July 2010 09:18:38 +0100 Niall O'Reilly <Niall.oReilly <at> ucd.ie> wrote:

> 	Actual delivery of results is more significant than the
> 	targets expressed in the timelines.  Given the necessary
> 	enthusiasm, early delivery of results can be achieved
> 	whether or not the timelines are adjusted.   Without such
> 	enthusiasm, tweaking the programme isn't going to accelerate
> 	progress.  I'm for leaving them as they are.

+1. Experience suggests we do not always meet even timelines which
we initially consider not ambitious.

--

-- 
Alex Bligh

Alex Bligh | 7 Jul 2010 12:53

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion


--On 5 July 2010 14:06:41 -0400 Andrew Sullivan <ajs <at> shinkuro.com> wrote:

> This is a reminder that we posted some time ago a new draft charter
> for the WG.  We've had very little feedback on it.

+1 for new charter

--

-- 
Alex Bligh

Paul Vixie | 8 Jul 2010 03:54

Re: [dnsext] Reminder: draft charter was posted for discussion

> Date: Mon, 5 Jul 2010 14:06:41 -0400
> From: Andrew Sullivan <ajs <at> shinkuro.com>
> 
> This is a reminder that we posted some time ago a new draft charter
> for the WG.  We've had very little feedback on it.  ...
> 
> I attach it again here for your convenience.  ...
> 
> This topic will take a considerable chunk of the time we have
> scheduled in Maastricht.  The charter represents our commitments to
> the rest of the IETF.
> 
> If you have opinions on it, it would be nice to hear them.  ...

with the understanding that there's a range of possible views as to the
desireability of continued evolution in a mature deployed protocol, here
are mine.  i apologize to our WGC's for the lateness of this reply.

+---
| DRAFT charter for DNSEXT, 2010-05-28.  SUBJECT TO CHANGE
...
| The WG will consider work in the following areas:
| 
| * DNSSEC and TSIG/TKEY algorithm maintenance
| * Mechanisms that complement, or are alternatives to, TSIG and SIG(0)

since TSIG and SIG(0) are both last-mile (recursive to stub) protocols,
perhaps this bullet item would be clearer if it was amended to say:

* Last mile (recursive to stub) mechanisms that complement, or are

(Continue reading)

George Barwood | 8 Jul 2010 07:19

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion

----- Original Message ----- 
From: "Paul Vixie" <vixie <at> isc.org>
To: <namedroppers <at> ops.ietf.org>

> | * Hardening DNS protocol and providing guidance to implementers
> 
> the word "hardening" is at best unclear in this context.  perhaps this can
> be reworded as follows:
> 
> * Improving defensibility and resiliency of DNS protocol agents by analyzing
>  possible buffer overrun/underrun conditions and offering implementation
>  guideance on test coverage for same.

My understanding of "hardening" is that it refers to measures to mitigate or prevent
the various denial of service / privacy attacks that may be possible with the current DNS transport,
especially those which may have been aggravated by the introduction of DNSSEC and EDNS.

That doesn't mean that every such proposal should be adopted, just that such proposals
are within the scope of the WG.

Ondřej Surý | 8 Jul 2010 17:52

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion

Paul,

> | * Mechanisms that complement, or are alternatives to, TSIG and SIG(0)
>
> since TSIG and SIG(0) are both last-mile (recursive to stub) protocols,
> perhaps this bullet item would be clearer if it was amended to say:
>
> * Last mile (recursive to stub) mechanisms that complement, or are
>    alternatives to, TSIG and SIG(0); specifically including stub DNSSEC
>    validation and protocol extensions to support same.

We use TSIG to authenticate AXFR - hence I am unsure if limiting to 
"Last mile" isn't too specific.

> | * Hardening DNS protocol and providing guidance to implementers
>
> the word "hardening" is at best unclear in this context.  perhaps this can
> be reworded as follows:
>
> * Improving defensibility and resiliency of DNS protocol agents by analyzing
>    possible buffer overrun/underrun conditions and offering implementation
>    guideance on test coverage for same.

I think you have changed meaning of the "Hardening DNS protocol" to 
"Hardening DNS implementations".  Both is fine, but different.  Anyway 
I'm fine with word "Hardening".

> | * Improving DNS zone synchronization mechanisms
>
> i think this is too specific, and should be reworded as follows:

(Continue reading)

Ondřej Surý | 8 Jul 2010 14:23

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion

Andrew,

I have read the new charter and I am fine with it atm.

Ondrej

On 5.7.2010 20:06, Andrew Sullivan wrote:
> Dear colleagues,
>
> This is a reminder that we posted some time ago a new draft charter
> for the WG.  We've had very little feedback on it.  Two of the
> responses asked for us to move the timelines; I have resisted those
> calls, but I wonder whether others think more aggressive timelines to
> be reasonable.
>
> I attach it again here for your convenience.  I have not yet made the
> editorial changes suggested by one eagle-eyed reviewer (off list).
>
> This topic will take a considerable chunk of the time we have
> scheduled in Maastricht.  The charter represents our commitments to
> the rest of the IETF.
>
> If you have opinions on it, it would be nice to hear them.  We expect
> to discuss this in Maastricht and then send it along to our AD,
> barring any changes.

--

-- 
  Ondřej Surý
  vedoucí výzkumu/R&D manager
  -------------------------------------------

(Continue reading)

Joe Abley | 9 Jul 2010 23:13

Picon

Re: [dnsext] Reminder: draft charter was posted for discussion


On 2010-07-05, at 14:06, Andrew Sullivan wrote:

> If you have opinions on it, it would be nice to hear them.  We expect
> to discuss this in Maastricht and then send it along to our AD,
> barring any changes.

The proposed new charter looks sane to me. Here are some trivial, non-substantitve edits. With or without
them, I support this revised charter.

Joe

--- draft-2010-05-28-orig.txt	2010-07-09 17:09:51.000000000 -0400
+++ draft-2010-05-28.txt	2010-07-09 17:12:21.000000000 -0400
 <at>  <at>  -21,7 +21,7  <at>  <at> 
 * Maintaining a Wiki containing a guide to DNS protocol RFCs
 * Improving DNS zone synchronization mechanisms 
 * Examining transport protocols, possibly adding new ones.
-* Mechanisms to alias DNS trees or parts thereof
+* Exploring mechanisms to alias DNS trees or parts thereof

 While the DNS offers two mechanisms for aliasing DNS labels -- CNAME
 and DNAME -- neither of these provides the support necessary to alias
 <at>  <at>  -29,7 +29,7  <at>  <at> 
 that the restriction has proven to be too great in practice,
 particularly with burgeoning deployment of IDNA and the need to
 provide domain name variants.  The issue is made more complex by
-DNSSEC
+the deployment of DNSSEC.

(Continue reading)

Return

Return to gmane.ietf.dnsext.

Advertisement

Search Archive

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane