
Re: Deployment of standards compliant nameservers

2013-05-22 07:30:36

On May 22, 2013, at 3:10 PM, John C Klensin <john-ietf(_at_)jck(_dot_)com> wrote:

> --On Tuesday, May 21, 2013 11:07 +0200 Stephane Bortzmeyer
> <bortzmeyer(_at_)nic(_dot_)fr> wrote:
> 
>> ...
>> Although these tests certainly contributed to the good
>> technical quality of the name servers, they were removed both
>> for commercial reasons (a registry has to make money to pay
>> its employees) and because it was easier to have the same
>> rules for ccTLDs and gTLDs (and ICANN forbids these technical
>> tests in gTLDs).
> 
> Occasional fantasies about IETF enforcement power and the
> Protocol Police notwithstanding, it seems to me that, if one
> wanted to require standards-conforming nameservers, the most
> (and maybe only) effective way to do that would be requirements
> in the contractual agreements between TLD registries and their
> registrants.  Recursively applying requirements down the tree is
> not a new idea; RFC 1591 uses that language more than once.

We should be careful about requiring things like this (for whatever value of 
"we"). Recursively applying requirements means that "we" are requiring service 
providers (in this case registries) to pick fights with their customers. So 
instead of having an IETF protocol police, "we" expect service providers to act 
as local sheriffs.

It's not that service providers would never do this. There is some success in 
getting ISPs to shut down spammers, but they are likely to cooperate when the 
actions of the offenders are likely to damage either the service provider's 
infrastructure, or harm other customers.  This is not the case here. A DNS 
server that ignores unknown record types does not hurt anyone who only queries 
for A and AAAA records. And MX. It hurts people who try to deploy new record 
types, so for now, it hurts experiments. It reduces the likelihood of a major 
browser deploying a version with DANE enabled by default.  This is definitely 
harm, but beating one bad server into compliance does not fix the problem. 

So "we" would be asking service providers to take a step with positive costs 
(periodically testing servers, contacting customers, threatening them, and 
following up), all to prevent a kind of harm that would only be prevented if 
all other registrars in the world (or at least a vast majority) would do the 
same. And if that harm was mitigated, and all the DNS servers in the world were 
fixed, hardly anyone would notice.

Seems like a tough sell to me.

Yoav
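The failure mode discussed in the message above (a nameserver that mishandles queries for record types it does not know) is cheap to test for, and the "periodically testing servers" cost Yoav mentions is essentially this probe run at scale. The following is an added example written for this page, not code from the thread or from any of the participants. It assumes the RFC 3597 expectation that an authoritative server answers a query for an unknown TYPE at a name it serves with NOERROR and an empty answer section (NODATA), and treats FORMERR, NOTIMP, REFUSED, SERVFAIL, a malformed reply or a timeout as non-compliant. The QTYPE 65280 (first code point of the private-use range), the TLSA type number, and the name example.com are assumptions chosen for illustration; the sample replies in `make_response` are constructed for offline testing and are not captured traffic.

```python
"""Probe a nameserver's handling of unknown record types (RFC 3597 behaviour).
Added example; not part of the original IETF thread."""
import socket
import struct

# RCODE values from RFC 1035 section 4.1.1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPE_TLSA = 52        # DANE TLSA (RFC 6698), the "new type" case in the thread
QTYPE_PRIVATE = 65280  # first private-use TYPE code point; no server should know it
COMPLIANT = {"NODATA", "ANSWER"}  # verdicts a well-behaved server can produce


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        lab = label.encode("ascii")
        out += bytes([len(lab)]) + lab
    return out + b"\x00"


def build_query(name, qtype, qid=0x1234):
    """Build a one-question query. Flags are all zero (RD=0): the target is an
    authoritative server, which should answer from its own zone data."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS=IN
    return header + question


def parse_header(pkt):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an}


def classify(query, response):
    """Verdict for RESPONSE to QUERY; RESPONSE is None when the server timed out."""
    if response is None:
        return "TIMEOUT"        # query silently dropped: broken
    if len(response) < 12:
        return "MALFORMED"      # shorter than a DNS header
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"] or not r["qr"]:
        return "MALFORMED"      # not a reply to our question
    rcode = RCODE_NAMES.get(r["rcode"], "RCODE%d" % r["rcode"])
    if rcode == "NOERROR":
        # NOERROR with an empty answer section is the correct "no such type at
        # this name" reply; an actual answer is of course fine as well.
        return "NODATA" if r["ancount"] == 0 else "ANSWER"
    return rcode                # FORMERR / NOTIMP / REFUSED / SERVFAIL: broken


def probe(server, name, qtype, timeout=2.0):
    """Send one UDP query to SERVER:53 and classify the reply (needs network)."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify(query, data)


def make_response(query, rcode, ancount=0):
    """Constructed reply for offline testing: echoes the question, sets QR|AA
    and RCODE. Only the header count is set; no answer RRs are appended."""
    qid = parse_header(query)["id"]
    header = struct.pack("!HHHHHH", qid, 0x8400 | rcode, 1, ancount, 0, 0)
    return header + query[12:]


if __name__ == "__main__":
    # Offline demonstration against constructed replies (no network traffic).
    q = build_query("example.com.", QTYPE_PRIVATE)
    for code in (0, 1, 2, 4, 5):
        print(RCODE_NAMES[code], "->", classify(q, make_response(q, code)))
    print("timeout ->", classify(q, None))
```

To run it against a real authoritative server, call `probe("192.0.2.1", "example.com.", QTYPE_PRIVATE)` (address assumed) and check whether the verdict is in `COMPLIANT`; probing with `QTYPE_TLSA` at `_443._tcp.` labels under the zone tests the DANE case specifically. A single NOTIMP or timeout is not proof of a broken implementation (a middlebox in the path can produce the same symptom), so a scan should retry over TCP and from a second vantage point before anyone is contacted.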