
Re: DNSEXT future



Kill it.

The rest of the message says as much, so if you are into the "bottom line" you can stop reading already.

At 20:36 -0400 3/26/07, Ólafur Guðmundsson /DNSEXT co-chair wrote:

> With the conclusion of the NSEC3 work there seems to be consensus
> that DNSSEC work is done.

Oh, the DNSSEC work is not done, but what remains does not need a WG to discuss the protocol.

There's plenty of DNS work out there - implementations, performance, etc. But the protocol is cooked through and through.

Yes, DLV probably ought to be allowed to come to a conclusion first, but on the other hand, it's a shame we have to do it.

> All the remaining work in the group are close to completion,
> with the exception of
> 	ECC DNSKEY specification.

I have nothing against this, but it has fallen so far off my radar, I can't see me wanting to volunteer any time to work on it. Will this be what puts DNSSEC over the top and get interest in its deployment? If not, I wouldn't keep a WG together for it.

> 	advancing RFC's up the standards track.

Does anyone care about the latter? I have seen that no one wants to bother. This has become a strictly bureaucratic hurdle.

Draft Standards is supposed to mean that interoperability has been demonstrated by relying on the specifications. That's a noble goal. But the way things work in the DNS industry today we mostly just check to see if the new implementations work with BIND and that's enough. (At least one open source implementation touted that its testing consisted of replaying queries and checking to see if the replies matched that of a BIND server's real responses to the same queries.)

As long as no one demands Draft Standard compliance, it's not worth the effort.

What about DNAME? That's the only topic that caused any stir of engineering at the meeting last week.

> Both of these items have not had great interest or activity.
> A potential new item for the working group is to provide input on the
> processing of RFC2929bis templates while that process is stabilizing.

I'll note that RFC 2929bis has nothing to do with engineering and is a (much needed) bureaucratic process. It's not about engineering.

> For this reason we asked the meeting and our AD for guidance on what to do
> with the working group. The three options are
> 	A. keep the working group open
> 	B. Put the group to sleep/hibernate
> 	C. Close the working group

> Draft charter for DNSEXT in hyphenated state:
>     The DNSEXT WG group will actively maintain the DNS protocol and is
>     available for advancing DNS protocol related RFCs on the standard
>     track, while defending against further enhancements of questionable
>     value.

I really think it is a folly to maintain a dormant WG. (For those who don't know, Olafur and I go back 25 years back before I had to help him with the English of his thesis - I say this because: "Olafur, *hyphenated*? Is the group getting married? Like DNSOP-DNSEXT?" Sorry folks, sorry for the sarcasm - yes it doesn't scale.) Oh, back to the cynical comment I *was* going to make...

A "hibernating" anything cannot "actively" do anything.

Returning to being serious...DNSEXT was formed to engineer specific extensions for DNS, not be a bit bucket for the DNS protocol changes.

The DNS protocol is something that should not be undergoing continuous measurable improvement. It's infrastructure, at some point it is done. People who aren't DNS experts ought to be able to see a stable platform.

Yes there are features we want out of a naming system that are not in DNS. But there's no way we are going to get them features with what's running on port 53 today. "Super wildcards" - hats off to the idea, but it can't happen with this protocol, we've plumb tweaked the protocol out.

Here's why we need to kill this outright:

1) Tell the ICANN folks we are done. They can count on the DNS as the basis of much of the work going on there. I'd be happy if we could engineer a better naming system (DNS2) that better fits the budding regulatory environment growing there.

2) Tell the folks that are not signing the root that we've done the best we can, it's in their hands now. The extensions are done.

3) Let folks know that the IETF is still an engineering organization with dynamic components, not yet a crusty bureaucracy that can't seem to let go of bailiwicks.

4) Give the impression that new features for a naming system are going to need a major overhaul of the naming system.

Engineering is meant to solve other people's problems. Fortunately for us, there are always problems somewhere.

PS - There's no reason to shut down the list. The PROVREG WG was shut down (effectively after the spring 03 IETF, officially about a year more as documents got passed through the gastro-editorial tract), the ietf-provreg list stayed open (and still is) and has seen the documents get to Draft Standard. The latter thanks to there being a desire to see it happen by participants. (And no WG was needed!)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Sarcasm doesn't scale.
