Dear colleagues, I have read the document draft-yao-dnsop-idntld-implementation-01.txt. I note that there is an agenda item on the DNSOP WG agenda to consider this draft.
I am strongly opposed to the draft, and wish to express my opposition to it being adopted by the WG. In my opinion, the draft places altogether too much confidence in the notion that data consistency can in any way be enforced across two completely different delegations. If we are to take at all the idea of variants seriously, then what we must suppose is that any name must be _functionally the same_ as all the other variants of that name. The only mechanism we have in the DNS that approaches that functionality is DNAME. DNAME is far from ideal: it does not actually mirror the root of the tree, and there are other nasty issues (MX is an obvious one). The authors are correct that a DNAME deployment could indeed lead DNS operators lower in the tree to do broken things. But neither of those issues holds a candle to the mistaken notion that two actually different delegations may be relied upon to be the same. If we encourage NS delegation from the root into different zones that are supposed to be the same, then in the absence of complicated, as-yet-unwritten tools to enforce the lock step consistency of those different delegations (and to check them all the time), the chances of the different zones actually being the same all the time approaches zero. Since the principle of a variant is that it just be another spelling for the name (as though we granted colour.com automatically to the registrant color.com), any difference in the answer you get from the servers for one and the servers for another is by definition a problem. I appreciate the problems the authors are trying to solve, and I understand why they are taking this path; but it is still the wrong path, and I believe it to be a greater threatl to the stability of the DNS than the introduction of DNAMEs near the top. Best regards, Andrew -- Andrew Sullivan a...@shinkuro.com Shinkuro, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
