To:
<Amadeu@nominalia.com>, <andy@ccc.de>, <jcohen@shapirocohen.com>, <junsec@wide.ad.jp>, <karl@cavebear.com>, <lyman@acm.org>, <lynn@icann.org>, <mouhamet@next.sn>, <vinton.g.cerf@WCOM.COM>, <apisan@servidor.unam.mx>, Ólafur Guðmundsson <ogud@ogud.com>, "Bill Manning" <bmanning@ISI.EDU>
Cc:
<yjpark@myepark.com>, "Ron Sherwood" <sherwood@islands.vi>, "Richard J. Sexton" <richard@vrx.net>, "Richard Henderson" <richardhenderson@ntlworld.com>, <ray@fassett.org>, <love@cptech.org>, <k@widgital.com>, "Judith Oppenheimer" <joppenheimer@icbtollfree.com>, "Joop Teernstra" <terastra@terabytz.co.nz>, "Joe Baptista" <baptista@dot-god.com>, "Joanna Lane" <jo-uk@rcn.com>, <jefsey@jefsey.com>, <hfeld@mediaaccess.org>, <hans.klein@pubpolicy.gatech.edu>, <eric@hi-tek.com>, "Ben Edelman" <edelman@law.harvard.edu>, "@quasar Internet Solutions, Inc." <shore@quasar.net>, <karl@cavebear.com>, <dnsop@cafax.se>, <johani@autonomica.se>, <bmanning@ISI.EDU>
From:
"Jim Fleming" <JimFleming@ameritech.net>
Date:
Mon, 7 Oct 2002 22:53:37 -0500
Sender:
owner-dnsop@cafax.se
Subject:
Re: Interim signing of the root zone.
From: "Bill Manning" <bmanning@ISI.EDU> "Folks that have serious commercial interests in a stable system will not be amused when we start experimenting with the systems that they depend on. ====== The entire, "toy", 32-bit, experimental, proof-of-concept network is the perfect place to play. Companies with a serious commercial interest have all of the labs and facilities they need to fully test software and systems before they are deployed. The only amusement is that people from the experimental networks take themselves so seriously. The commercial world does not. Jim Fleming 2002:[IPv4]:000X:03DB:...IPv8 is closer than you think...IPv16 is even closer... http://www.ietf.com http://www.iana.org/assignments/ipv4-address-space http://www.ntia.doc.gov/ntiahome/domainname/130dftmail/unir.txt http://ipv8.dyndns.tv http://ipv8.dyns.cx http://ipv8.no-ip.com http://ipv8.no-ip.biz http://ipv8.no-ip.info http://ipv8.myip.us http://ipv8.dyn.ee http://ipv8.community.net.au ----- Original Message ----- From: "Bill Manning" <bmanning@ISI.EDU> To: "Ólafur Guðmundsson" <ogud@ogud.com> Cc: <bmanning@ISI.EDU>; <johani@autonomica.se>; <dnsop@cafax.se> Sent: Monday, October 07, 2002 10:37 PM Subject: Re: Interim signing of the root zone. > % At 14:10 2002-10-07, Bill Manning wrote: > % > some concerns: > % > > % > DS only works in snapshot code. And the publicly availble > % > snapshots have known, serious operational problems. We -REALLY- > % > need more stable code before committing this to production. > % > % Bill this is version 00 of the draft, your concerns are noted but > % this particular experiment is not starting next week or next month. > % This is the documentation for the experiment and Johan is seeking feedback. > > documentation for -an- experiment. an experimental setup has > existed and been running for over 2 years. Signing the root > zone in this testbed has been operational for three months, > nearly as long as ther has been DS capable code. I remain > leary of experimentation with the live system. > > % > the selection of RIRs. RIRs -DO- have the DNS as a primary > % > field of activity. (see in-addr.arpa.) The holders of > % > forward space (.SE, DE, NL, etc.) become disinfranchised > % > "customers". > % > % RIR are geographically competent operators for this experiment, > % for future production Layer 9 will become involved. > > "geographically competent" - now there's a turn of phrase :) > -IF- this is really an experiment, with the live system, > then bounding the experiment is prudent. I'd be -very- > leary of giving even the suggestion of "early-implementor" > bias to one vector of the possible keyholder pool. > > % > "sufficient number" and "out-of-band" are concepts that > % > really need some concrete recommendations. > % > % Yes, suggestions. > > More experimentation in the operational testbed may generate > some empirical numbers/processes that work. Not convinced > that running this on the live system is reasonable. > > % > key duration should be better fleshed out. Experiences from > % > the existing testbed may be useful. > % > % yes, suggestions please, > % as well as key length key set size etc, etc. > > > More work within the existing testbed will generate such > numbers that have some grounding in experience. > > % > key publication methods have been explored but do need further > % > work. > % > % agreed, this is one of many the research programs that this experiment > % will hopefully shed some light on what works and what does not. > % Issues involve: > % - DS or KEY as published record > % - where to publish > % - is there a way to auto-configure resolvers trusted keying list > > > So... why are we considering experimenting with the live, > production root system at this time? IMHO, this is lunacy. > We have a working, experimental system in play where most > (all) of these issues can be tested. Folks that have > serious commercial interests in a stable system will not be > amused when we start experimenting with the systems that > they depend on. > > % Olafur > > > -- > --bill