WG Chair Hat OFF
On 05/12/2008, at 7:28 PM, David Conrad wrote:
Geoff,
[No hat. Really. Personal opinion only]
On Dec 4, 2008, at 10:50 PM, Geoff Huston wrote:
From time to time the IETF heads into areas where its role
intersects with the roles of other bodies,
Yep. Like (say) IPv6 and IPSEC requirements and the interaction
with national crypto laws where the decision was made to choose the
technically correct solution in the face of concerns that national
laws would make deployment more difficult or even impossible (I
remember a particularly interesting plenary in Danbury where that
topic was 'discussed')...
The draft is not advocating that IANA does, or does not do any
particular action with respect to the publication of TA material.
[many, many words elided]
ahh, but they were many fine words! :-)
A little more of that form of rational process would, I believe,
assist the SIDR WG to make the appropriate call here as well.
This may come as a surprise, but I do not necessarily disagree with
what you have said. Because of personal experience, I am probably
more aware of the political ramifications of single root issues than
most here and as a result can see arguments both ways as to
appropriate directions to take regarding trust anchor(s).
However, I am unaware of any public discussion in which those trust
anchor issues have been broached much less addressed. In the case
of DNSSEC, there was little, if any, discussion about the
operational realities of attempting to deploy DNSSEC including trust
anchor issues and IANA's role. As a (arguably) direct result, we're
now 12 years into deployment and have gotten minimal traction. It
would be tragic to repeat that particularly sad history with RPKI.
Presumably, the goal here is to get something that can actually be
deployed...
There are of course many possible reasons for this rather sad state of
affairs in DNSSEC, but I must admit that I find it rather difficult to
believe that a lack of an IETF debate on this topic would be at the
heart of this particular saga (DNSSEC).
I would gently suggest that attempting to ignore the politically
sensitive issues (whether they be national politics or ICANN/RIR
politics) by not addressing the underlying cause of those issues is
leading us down the exact same potentially non-terminal path you
express concerns about (particularly when the NRO representative at
the ICANN meeting waves a bouquet of red flags at the assembled
governance officials during the plenary and when it becomes a topic
of discussion and not necessarily in a good way (I'm told) at the
IGF). The ant mound has already been stirred. Pretending you're
not covered in honey is unlikely to have a positive outcome.
I'm sorry, but I'm completely unaware of this circumstance you are
reporting here. However, I suppose that it is illustrative of the
state of affairs we live in these days where these matters enjoy such
political sensitivity.
If you wish to argue that the treatment of trust anchors should not
be in the res-certs draft, that's fine as long as you follow it up
with 'it should be in X' (and you define 'X' :-)). I believe it
important that there be an open discussion about the pros and cons
of the various trust anchor models and any recommendation be made in
a transparent manner. I reiterate my belief that if IANA is going to
be a participant in a trust anchor or anchors, it needs to be called
out explicitly in the IANA Considerations section, but that's merely
my opinion (like the entirety of this note).
I am arguing that the res-cert draft is appropriately phrased in
making no particular call on IANA to represent itself as the "root" TA
for the RPKI, and arguing that the draft is appropriate in that it
paints the picture that the selection of TA material is a matter for
relying parties to determine and simply describes how TA material can
be packaged in a way that creates stable TA material. i.e. I am not
heading down the path of saying where it should be - I am limiting
myself to a "not here please" statement.
My related observation is pretty much the same as yours - these are
thorny matters with many interests and perspectives. I for one don't
see this matter being resolved by a simple SIDR WG discussion - oh no
- that's just the opening statements in something that I fear will
carry on, like DNSSEC, for a decade or longer. So maybe I should just
reconcile myself to the fact that progress on these drafts is not
going to be glacial - it's going to be geological, and I should spare
my fingers the trouble of typing too much too early, because it seems
that this particular set of issues is going to be hanging around for
decades, like this complete set of SIDR WG drafts. Oh what fun. not.