At 19:03 +0100 7/8/11, Stephen Morris wrote:
> Don't get me wrong, I don't want any unnecessary delay. But if it turns
> out that what is being addressed is part of a larger problem, it's worth
> looking first to see if there is a general solution.

I sent a response to the chairs and to George earlier because, and
I'll explain, I've been purposely ignoring the CDS proposal. After a
quick back and forth, I figured I should post to the list.
I have been ignoring CDS because both of the angles I have on DNS
would find the record to be useless. I do not feel it is worthwhile to
suppress work in the IETF that is of no consequence, so I haven't
objected.
My angles include ICANN contracted TLD operator and a managed DNS
provider. In the former, we have to address the Shared Registry
Model whether it is universal or not. As a managed DNS provider, we
don't have to beckon to the SRM but the (what I estimate to be) vast
majority of our customers do.
I understand that my angles are not the only ones. There are
situations in which a direct parent-child exchange of information
makes sense. But it doesn't for me and doesn't for, I'll put it this
way, a significant portion of the domain name management market.
A snide person would ask "does the IETF want to invent cool gadgets
or useful gadgets?" Cool would be something that is direct, useful
is something that is acceptable to the SRM.
One more caveat. It's not an open-and-shut case that CDS would be
"in violation" of the SRM. Perhaps a direct parent-child solution
could be hammered out. But given other priorities, I just haven't spent
any time on CDS because I think it is unlikely.
I don't believe we need a single, one-size fits all solution. I
think that sometimes that goal is a huge deterrent in finding a
workable set of solutions.
These are two questions asked in a side conversation, and I figured I
might as well reply on the list.

> (a) if a child zone requests through the proper channels that its DS
> record in the parent be updated, under what circumstances would the
> parent refuse the update?

Authorization checks failing. I don't have specifics, but
conventional wisdom holds that if a registrar tries to designate a
dns operator with a registry, things still don't work so well.
Perhaps it's an industry legend, but I think there are folks
reluctant to try this.

> (b) could publication of a CDS record in a signed child zone constitute
> an authorised request?

I kind of doubt that the practice would be accepted widely.
There's a wide array of concerns in running registries. In some,
tracking transactions is one, so that any changes can be audited. In
these, one would pretty much be forced to funnel all requests into
one channel for tagging. Out of band communications (relative to the
registry) would be discouraged.
What I've posted are general, fuzzy, hand-waving reasons why CDS
wouldn't be a general solution. Arguing the other way, that CDS
would be general, is like arguing a negative which is fraught with
logic problems. This is why I wouldn't fight "against" CDS but just
won't dedicate time to examine it closely.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
I'm overly entertained.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop