My opposition is philosophical and practical.

The philosophical part is that this is a SIGNED ASSERTION by the zone
authority. I don't think anything the zone authority says under a
signature should be called a lie, because the basis of verification is
that it's exactly what was intended to be said about the state of the
zone.

It's incoherent, it's potentially confusing, it needs to be understood,
sure. But I don't see this as a lie.

The practical is that I think the IETF/OPS tendency to enjoy "puns"
causes huge confusion outside the cognoscenti. The re-use of the word
"peer" for instance has caused significant dismay to people in policy
or finance space who don't understand that a BGP peer does not mean
necessarily a peering zero-cost sum arrangement at layer 8 and 9
(money). If we use "lie" this freely, then when we want to
distinguish these signed lies from the intermediary altering payload
on-the-fly we're going to have a problem of comprehension.

Having said that, I think I feel like a bit of a party pooper. What in
Australia would be called a "wowser".

It's not a big deal btw. I'm not going to go to the AD and complain
about it or make a fuss at WGLC. I just think... it's the kind of
language which may not be helpful in the longer term.

cheers

George

On Thu, Mar 2, 2023 at 7:33 AM Shumon Huque <shu...@gmail.com> wrote:
>
> Hi folks,
>
> We've posted a new draft describing the former "Black Lies" mechanism
> for authenticated denial, now renamed as "Compact Lies".
>
>     https://datatracker.ietf.org/doc/draft-huque-dnsop-compact-lies/
>
> We are hoping to discuss it here and at IETF116, and see if there is
> interest in adopting the work and publishing it. We feel that it deserves a
> stable published specification since it is now one of the dominant forms
> of authenticated denial deployed amongst the commercial online signers
> today (notably Cloudflare, NS1, and Amazon Route53).
>
> The draft includes the NXDOMAIN/Empty Non-Terminal distinguisher
> mechanism I described at IETF 111
> (https://datatracker.ietf.org/meeting/111/materials/slides-111-dnsop-sessb-black-lies-ent-sentinel-01)
> and currently implemented by NS1.
>
> Christian and I are currently discussing some tweaks to that mechanism
> which we will broach in a separate email thread shortly. This thread can be
> used for general comments on the topic of the draft.
>
> George Michaelson, in private email to me, has expressed the view
> that we shouldn't be calling these mechanisms "Lies" any more (I'm
> sure he will elaborate if he is inclined). I'm personally okay with that, and
> if there is agreement, we could just call this Compact Denial of Existence,
> and discard the "Lies" meme.
>
> Shumon
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
