On May 28, 2014, at 9:29 AM, Russ Housley <housley(_at_)vigilsec(_dot_)com>
wrote:
You have asked a question in a manner that assumes a technical assessment can
be made.
Correct. You (the IAB) are asking the IETF to obsolete a BCP (which means it
has the same requirements as a standards-track document). The BCP asserts some
technical properties; the IETF should be able to determine whether or not the
new technical properties are an appropriate replacement for the old ones.
I do not think that is the situation. Instead, I think the question is
whether the IETF is the proper organization to write a BCP about protocol
requirements for root servers and RSSAC is the right organization to write a
document about operational requirements for root servers. In short, this
more of a political question than a technical one. Back when RFC 2870 was
written, the IETF (rightly or wrongly) included both requirement sets in the
same document.
That seems fine, as long as the new document says that, which it does not. If
the IETF is going to replace this BCP with one that has a smaller scope, it
should say that up front and *not* refer to a document that we cannot yet read
and may, in fact, have very different properties than the one in the references
in this draft.
Current:
The operational requirements are defined in [RSSAC-001]. This
document defines the protocol requirements and some deployment
requirements.
Proposed:
This document only defines the protocol requirements and some
deployment requirements; the operational requirements that were
defined in RFC 2870 are removed. It is expected that ICANN's
RSSAC [RSSAC] will define the operational requirements.
[RSSAC] DNS Root Server System Advisory Committee,
http://www.icann.org/en/groups/rssac
From my perspective, IETF is the proper organization to write a BCP about
protocol requirements.
Yes, definitely.
RSSAC has been going through a restructuring process. Assuming that a
functional organization emerges from that process, RSSAC will be a fine
organization to handle the operational requirements.
Yep. But that doesn't mean that this BCP should have a reference to a document
we can't evaluate.
--Paul Hoffman