A document called "DNSSEC Trust Anchor Publication for the Root Zone"
that says nothing about the most common KSK publication practice, that
is, by resolver software developers, is woefully incomplete.
If instead the document is supposed to be about current ICANN
publication only, then the document should be retitled, given a better
abstract, and give the actual URLs for the current KSK and describe the
formats used for the current data. It should not make speculation about
other URLs nor about other format options. It should not talk about the
publication of possible future KSKs because that is not what ICANN is
doing now.
On 5 Oct 2015, at 10:14, Joe Abley wrote:
Hi Paul,
On 5 Oct 2015, at 9:52, Paul Hoffman wrote:
Given that the title and abstract of this document disagree with what
many people here have said they want the document to discuss, if the
WG adopts this work item, please adopt an exact description of what
is wanted with the expectation that this draft could be changed to
fit the description.
I still believe the description of the document people want is best
done by ICANN because it is ICANN who can describe what the
publication process is today.
I think we're conflating a couple of things that could perhaps be
better considered separately.
Yes, definitely.
1. This document could be published by ICANN through the IETF if they
want to make it part of the historical record (what we did in
2009/2010) and also provide a reference to current practice that is
easier to find (and doesn't have DRAFT written all over it) than the
current reference that I think is only buried within root-dnssec.org.
There's precedent for this, see e.g. RFC 7108 which was published as
an individual submission. If we followed the same path, we'd be
looking at dnsop to review for clarity and accuracy, but we wouldn't
be asking for adoption.
If the main issue is "it's too hard to find the current publication
procedure", then ICANN should (and can) fix this easily. We can also
take the stupid "DRAFT" designation off.
Publishing an RFC about how ICANN published something in 2010 seems like
a waste of time, even for historical purposes. It will cause more
confusion than benefit.
2. The current draft was originally written by me as ICANN staff and
Jakob as an ICANN contractor. If there's a need to add current ICANN
staff to the author list to make it look more official, surely we
could do that (as we did with 7108, actually, which was published
after I left ICANN).
No one has even vaguely suggested this, and if they do, I'd be happy to
try to talk them out of it.
3. If ICANN prefers not to see this draft published in the RFC series,
then that's a good reason not to do it. The value in this document
(wherever it is published) lies in it being real, which means we need
ICANN's support, e.g. through references in the KSK maintainer's DPS.
If that's the preference, let's hear so, clearly. Right now it's
difficult to distinguish between individual contributors' opinions and
the desires of the IANA Functions Operator.
You are fully and painfully aware of how difficult it is to get "ICANN"
to state a preference. I'm bringing this up as an individual who has
read the document carefully and believes that the document only
partially matches current publication practice for the trust anchor,
even if the document is retitled and has a more accurate abstract.
4. If there are elements in the current text that don't match current
practice, then let's hear what they are.
Current practice for what? Publication? Publication by ICANN? It is
somewhat unfair to ask this question when WG participants have different
expectations for the document.
So far comments to that effect are causing some alarm, but without
details it's hard to know what to do with them.
Bosh. I gave you details off-line last week, and you acknowledged them.
It is clear that people commenting on this thread are not reading the
document listed in the subject line carefully, because most /all who
have said that they want the document published follow up with a
description of something that does not match the the current document.
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
