

To: Bill Manning <bmanning@isi.edu>, mcr@sandelman.ottawa.on.ca
Cc: dnssec@cafax.se
From: Ólafur Gudmundsson/DNSEXT co-chair <ogud@ogud.com>
Date: Mon, 10 May 2004 16:36:02 -0400
In-Reply-To: <200405101858.i4AIwvM03808@boreas.isi.edu>
Sender: owner-dnssec@cafax.se
Subject: Re: dnssec: resolver - application communication

At 14:58 2004-05-10, Bill Manning wrote:
>% Chairs:
>%   I would like to suggest that this is a big piece of work, and that it
>%   should be split into a separate effort. We keep coming back to
>%   this, and it needs to be resolved, but I don't think it needs to hold
>%   up rfc2535bis.
>
>         Chairs?  What chairs?  Is this an IETF WG mailing list?



Me, and the 2 letter shorter version of my name :-)

From DNSEXT charter:
The DNSEXT Working Group actually uses an additional mailing list for
discussion of DNS Security related issues. This list is open to
all:
       Discussion: dnssec@cafax.se
       To Subscribe: dnssec-request@cafax.se
       Archive: http://www.cafax.se/dnssec/ and
                ftp://ftp.cafax.se/pub/archives/dnssec.list

So everything you say here is part of the IETF process; this mailing list is
restricted to discussions about DNSSEC, and once these idea exchanges have
matured they are expected to die/migrate to namedroppers/become IDs.

We chairs have identified that the "last mile" issue is an important one
and needs to be addressed. This is a good time to start it, brainstorm about
what you think is needed, write a requirements document(s) from different
perspectives:
         Two DNS resolvers
         DNS resolver logging
         DNSSEC aware stub-resolver
         Applications

The solution space is open at this point to discussions on:
         EDNS options
         New DNS Meta RR types to carry information

Out of band information flow is bad.

I want to echo what Russ Mundy said:
>On a broader basis, as more zones begin to be operated as signed zones, it
>is not possible for the designers, engineers and implementers (i.e., us) to
>figure out in advance how people will _actually_ use this thing that we're
>about to give them.  I strongly believe that we need to explore some of the
>possibilities for where and how validation of responses from signed zones
>can and/or should be done.  I also believe that it's much too early to
>standardize interfaces and such but we do need to keep track of what we
>learn in the exploration

But it is not too early to start designing experiments.

         Olafur

