On Mar 20, 2017, at 3:44 PM, Russ Housley <hous...@vigilsec.com> wrote:
> This document does not describe a collaborative approach.
The document specifies what the working group needs to have happen in order for
the specification to work. How the collaboration happens is out of scope for
the homenet working group. The working group understands that a process needs
to be invented, and I believe that the document says so.
> Steve Crocker has already stated that he does not believe that entries that
> cannot be DNSSEC signed belong in the DNS root zone. I know that others
> share this view. For this reason, I do not think that the IETF should
> approve a document that specifies this processing until the root zone
> publication process is successful.
Yes, I understand that Steve Crocker has said this. And perhaps Steve
Crocker's opinion should be considered normative. However, like you, Steve
didn't give a technical reason why this policy must be applied universally,
even in the case of technical uses.
We have a legitimate question to answer here. It seems reasonable to say that
under the MoU, the IETF can designate a name for the use that homenet is trying
to designate. Maybe the IETF consensus will be that the IETF should not
designate this particular use. But it doesn't make sense to me that the IETF
should decide not to try to do what the working group thinks is the right thing
technically, because the process for doing this thing is not yet known. If
the IETF doesn't try to do this, the process will never be known. So I don't
see how this can be a valid technical objection to going forward with the
proposal.
> Further, the intent is that .homenet will be used with the DNS protocol.
> Section 3 of the document makes it very clear that users, applications,
> resolution APIs, and most resolvers will not to treat that domain name in a
> special in any way. For this reason, I do not think it meets the definition
> of a special-use domain name in RFC 6761, which says:
>
> ... if a domain name has special properties that affect the
> way hardware and software implementations handle the name, that apply
> universally regardless of what network the implementation may be
> connected to, then that domain name may be a candidate for having the
> IETF declare it to be a Special-Use Domain Name and specify what
> special treatment implementations should give to that name.
>
> So, I think that the desired outcome requires the use of the existing process
> to get it registered in the root zone and some standards-track RFC to
> describe the environment where:
>
> … Only a DNS server that is authoritative for the root ('.') or is
> configured to be authoritative for '.homenet' or a subdomain of
> '.homenet' will ever answer a query about '.homenet.’
I don't think this is a correct reading of RFC 6761. If it were, we could
drop most of the considerations in section 5 of the document.
As for the process, it may be that in the end, ICANN pushes back and says no,
absolutely not, we won't do this. But when they say that, they will give a
reason. It is their decision to make, not ours, as long as they don't violate
the MoU. Our decision is whether or not to ask them to make this decision.
Maybe there is a good reason not to ask them. If so, you haven't yet stated
that reason._______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
