> -----Original Message-----
> From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of
> Warren Kumari
> Sent: Monday, April 16, 2012 11:55 PM
> To: Livingood, Jason
> Cc: Joe Abley; Nick Weaver; Tony Finch; dnsop; Paul Vixie; Evan Hunt
> Subject: Re: [DNSOP] on "Negative Trust Anchors"
>
> I think that this is a useful document and is *really* needed to help
> with DNSSEC deployment, and fully support its publication (especially
> if it comes with examples!)...
>
> The IETF publishing an RFC on this doesn't mean that folk will be
> forced to use it (and not publishing it doesn't mean that folk won't)
> -- if this were not true, we would have universal adoption of BCP 38,
> everyone would be running v6 and all packets involved in SPAM / DoS
> would have the Evil bit set...

Some of this conversation reminds me of the "X-" debate just wrapping up in apps, in that things that are supposed to be temporary often become permanent even if we tag them very explicitly as temporary. In that sense, I'm more sympathetic to the "no" side so far, but not enough to object.

Also, a lot of things in apps space like to call out "MUST/SHOULD except if local policy says otherwise", and this strikes me as, basically, a kind of a local policy tool.

I presume the idea is to describe a mechanism that works and is minimally destructive to encourage people away from more broken methods. In that sense, this is the right thing to do.

So if this is going to go forward to publication, I would urge ample explanation of why we think this is necessary to document, but also advocate strongly in the document that the technique is meant to be a short-term solution for a problem that exists during gradual and un-coordinated DNSSEC rollout, and that support for it be dropped once DNSSEC has reached critical mass. Or something like that.

-MSK

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop