ietf
[Top] [All Lists]

Re: draft-housley-two-maturity-levels-00

2010-06-22 11:11:21
I disagree.

For changes such as DNSSEC there is no way to move as many parts of the
industry as need to be involved with an Internet draft. Microsoft is not
going to implement a draft in Windows Server, neither is Apple.

Operational experience in this case means at a minimum taking two conformant
DNS servers and having them exchange messages successfully. But that is
several orders of magnitude less than Internet wide deployment.

But anyone who knows PKI and looks at the current specs knows that what is
described there is not sufficient to deploy on. No liability model for a
start. And the assumption that a new form of PKI is going to suddenly deploy
in three weeks time using a technology base entirely different from
X.509v3/PKIX without any concurrence between the two is interesting to say
the least.

So when an infrastructure change is being proposed there has to be a
starting point for a technical discussion that has a pretty high degree of
buy-in, even though the ultimate shape of the infrastructure is unknowable
at that point. Most of what is finally deployed as DNSSEC will look like the
current proposal. But there will be important differences and those need to
be captured.


On Sun, Jun 20, 2010 at 10:41 AM, Dave CROCKER <dhc(_at_)dcrocker(_dot_)net> 
wrote:



On 6/20/2010 11:53 AM, SM wrote:

The reader will note that neither implementation nor operational
experience is required. In practice, the IESG does "require
implementation and/or operational experience prior to granting Proposed
Standard status".



Well, they do not /always/ require it.


That said, the fact that they often do and that we've lived with the
reality of that for a long time could make it interesting to simplify things
significantly:

  1.  Have the current requirements for Draft be the entry-level
requirement for a standard  -- do away with Proposed, not Draft.

  2.  Have a clear demonstration of industry acceptance (deployment and
use) be the criterion for "Internet Standard" (ie, Full.)

Having two interoperable implementations required for /all/ new
specifications takes care of two interesting questions.

     a.  Whether the specification can be at all understood.

     b.  Whether there is any meaningful industry motivation to
         care about the work.

With these two questions satisfied, the nature of challenges against
standardization might tend to be more pragmatic than theoretical.


d/

--

 Dave Crocker
 Brandenburg InternetWorking
 bbiw.net

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf




-- 
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf