Hello Ted and dnsop, and sorry for delayed answer (below). Your message forced me to think more about the draft, this time without focus on the wire format.
Spoiler alert: I still do not like the proposal in its current form. Please see below.

On 21.7.2017 10:22, Ted Lemon wrote:
> I am hearing from a number of people that this is "a new protocol" and
> hence requires careful thought and perhaps a new working group, along
> with the associated delay. I do not _entirely_ disagree with this
> position, although it would be really inconvenient from my perspective.
>
> However, I would like to point out that the objection "it is a new
> protocol" is not a technical objection. Also, the same objection can
> actually much more justly be raised against several other proposals that
> were brought before the working group. For example, the multiple
> RRtypes proposal, the multiple responses proposal, and the extended
> error codes proposal.
>
> All of these define new protocol, in ways that are in, like session
> signaling, backward-compatible with the existing protocol. The other
> proposals are actually much more significant changes than session
> signaling is, in terms of what they actually do, as opposed to what
> their wire format is.

Okay, I can see what you mean - there surely are various levels of complexity and protocol changes proposed in the last years for dnsop.

However I disagree that adding session signalling to DNS is less significant change than e.g. multi-query/response proposals. As you said, session signalling is a "control plane for DNS", which is a very new thing. Keeping (IMHO significant) wire format issues aside, adding a control plane to DNS is in my eyes a significant new development and should be treated as such.

> And as for a new DNS wire format, which I also think would be a good
> idea, this is pretty clearly /not/ what session signaling is. How
> would you do a DNS query with session signaling? In what way would it
> be an improvement over the existing query format? It's possible that a
> new wire format can be built on top of session signaling, but session
> signaling doesn't build a new wire format, and if we choose to do
> session signaling, that doesn't preclude doing a different wire format
> for queries later.

Maybe one of the problems is that the current draft mixes three things in a single document:
- The new wire format,
- DNS control plane,
- Session signaling functionality over the control plane.

This is probably making things way harder to explain to non-authors than necessary. These really are separate things.

I can imagine that control plane and potentially its wire format can be together in one document (but I'm still not convinced that a wire format is necessary), but session signaling functionality itself should be certainly separate from that.

Let's keep discussion about the wire format for later, there is even more significant issue ahead of us:

> Session signaling is just a control plane for DNS. It's useful. I
> would like to see it done sooner rather than later. If we are not
> going to do it sooner rather than later, I would like the reason to be
> something more than vague unease about walking backwards into a new wire
> format.

The problem is that current proposal is creating some generic "control DNS plane" as by-product of session signaling functionality, as we were discussing during dnsop session. (References: "Totally flexible format" & "Concerned with embedding DNS messages in TLVs" in [2].)

I believe that we really should not invent such generic mechanisms as by-products. If a WG agrees that a generic DNS control plane is needed, then it needs to be carefully designed and described, including problem statement and analysis related to current and potential new transports. These are completely missing now.

Moreover, the dnsop is specifically chartered to subset of possible changes [1] to the DNS protocol:

4. Publish documents to address operational issues with the DNS protocols by extending or performing protocol maintenance on them. Act as focal-point for operator discussion and provide advice to the Ops ADs and other WGs on EDNS0 options, new RRTYPEs, DNSSEC, record synthesis, or other mechanics of extending DNS to support other applications.

5. Serve as a home for drafts that document the problem space around existing or new DNS issues. The group, with the advice and consent of the responsible AD in coordination with other areas, will then decide whether these issues belong in DNSOP under the existing charter and, if not, will work with the authors and appropriate ADs to determine the proper place for the work to be carried out.

For me, adding control plane is just stretching this definition too far. If session signaling is covered by this charter then we must admit that dnsop can do anything it wants to the DNS protocol.

[1] http://mailarchive.ietf.org/arch/msg/dnsop/MOFBFQAaZ2iZUDje3zWNBRn9xKQ
[2] https://datatracker.ietf.org/meeting/99/materials/minutes-99-dnsop

Again: If there is a need for a "DNS control plane" then it should be engineered as such and not invented as by-product of something else. Yes, it is a lot of work. And yes, it should start with problem statement for control plane (in general) and continue from there.

I hope it explains why I still do not like the current proposal. Thank you for your attention.

Petr Špaček @ CZ.NIC

>
> On Fri, Jul 21, 2017 at 10:02 AM, Petr Špaček <petr.spa...@nic.cz
> <mailto:petr.spa...@nic.cz>> wrote:
>
> On 20.7.2017 19:09, Andrew Sullivan wrote:
> > On Thu, Jul 20, 2017 at 06:59:42PM +0200, Ondřej Surý wrote:
> >>> But it's certainly another step along the way to DNSbis by accident.
> >>
> >> Would it be useful to make it not "by accident"?
> >
> > Yes. That was basically the point I was trying to make at the
> > beginning of today's session, about overall analysis.
> >
> > > b) make this draft DNS-SD only, so it can fast forward...
> >>
> >
> > I'm not keen on this.
> >
> >
> >> c) use the changed paradigm to work on DNSbis without the accident
> part?
>
> Yes please!
>
> My main opposition comes from fact that current session signaling draft
> "accidentally" defines new protocol which is using the old DNS-RFC1035 as
> "transport".
>
> I would welcome DNSbis effort with clear cut. Here please note that
> clear cut does not mean that RR format and data, for example, has to be
> incompatible!
>
> It is still possible to share big chunks of specifications (like RR
> definitions, namespace, etc.) but define a DNSbis protocol which is
> clearly distinguishable from the old DNS.
>
> Petr Špaček @ CZ.NIC
>
> > I'm starting to wonder whether a bof is needed. Maybe the IAB's
> > workshop will produce some fruit?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop