

To: Randy Bush <randy@psg.com>
Cc: Rob Austein <sra@hactrn.net>, dnsop@cafax.se
From: Johan Ihren <johani@autonomica.se>
Date: 27 Feb 2002 16:58:11 +0100
In-Reply-To: <E16g4uX-000FUS-00@rip.psg.com>
Sender: owner-dnsop@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.3
Subject: Re: Minneapolis - agenda items please.

Randy Bush <randy@psg.com> writes:

Randy,

> >> won't the mobile host either be
> >>   o tunneled to 'inside' and hence will have the inside view of the
> >>     dns
> >>   o or living outside and hence have an outside view of the dns?
> > 
> > Yes. And those two are *different*, which is exactly my point. They
> > shouldn't be. If you and I sit down in two chairs next to each other I
> > see a certain benefit to us being able to share a common view of the
> > namespace we call the Internet.
> 
> given the world of vlans, because we are in the same room does not
> mean our laptops are logically in the same room.  as someone whose
> daytime job requires a machine tunneled, i am horrifyingly aware of
> the implications and consequences.

I don't care whether we're on the same planet. I only care whether we
both claim to be on *the* Internet, and the criteria for that should
be that we share the namespace. All of it.

As the v4/v6 transport discussions show, the namespace is really what
matters to define the Internet. Not shared transport. And therefore
(almost *by definition*) not identical reachability.

I really think that you and I agree on this...

> >> i doubt any of us like it.  but if you're gonna make a mess, it seems
> >> your responsibility to contain it.  entropy and all that.
> > While I agree to the principle (you and I can share the same horse in
> > the argument against the firewalling brigade)
> 
> i was not saddling up rosenantes.  i was merely saying that, if one is
> going to partition the net, then one is responsible for a clean and
> thorough job.

I agree that should be the goal.

> > the question I have is what constitutes the greater evil to the Internet:
> > 
> >         * a namespace that changes (to the point of being different
> >           for two people sitting next to each other), but with all the
> >           stuff you do see reachable 
> > 
> >         * a namespace that is static (in the sense that you and I can
> >           share it, regardless of whether we're sitting next to each
> >           other or on opposite sides of the Atlantic), but with some
> >           stuff unreachable to one or both of us.
> > 
> > It can well be that the first one is better after all, but it is not
> > obvious to me that this is the case.
> > 
> > I do not like the semi-reachable stuff myself, but I do realize that
> > such things are already very common, and are still increasing.
> 
> well said.
> 
> but i have a *very* severe alarm that goes off when i see increasing
> entropy.  so i choose the former, thems that plays pays.  you do that
> stuff, you are a consenting adult.

I agree to the consenting adult part, but I do not agree that split-DNS
everywhere, as an attempt at painting over the semi-reachability
problem, minimizes entropy. As any painter knows: with sufficiently
bad groundwork, no amount of paint will make it look nice. And in this
case the paint is of highly questionable quality.

Let me put the argument this way (in my day job as the devil's advocate):

* DNS is about the namespace and its coherency. 

* The transport layer is about reachability.  

* The application layer is about coping with lack of reachability.

By trying to solve this in DNS, couldn't it be that you're working in
the wrong layer?

Johan

