ietf

last call discussion status on draft-iab-2870bis

2015-03-04 21:44:09
I wanted to come back to the status of the discussions.

We have an ongoing discussion of the changes Marc made on the -02. My read of 
the feedback is that the update has done the right things, but:

1) Paul Hoffman’s clarifications & editorial changes seem useful, but I would 
like to hear what others think. Marc, you should respond to those as well.

2) Mark Andrews’ suggestion of further requirements regarding reserved bits was 
discussed, but should proceed separately.

3) Mark Andrews' suggestion of further requirements regarding EDNS0 has not 
been discussed, but I would note that at this stage we should not add major 
requirements without substantial community portion indicating that this is 
needed. I’m not hearing it.

4) I’ve also received feedback from IESG members that the text about moving 
2870 to Historic in Section 1.1 could be problematic. While I’m not sure that 
is necessarily the case, I think this draft merely replaces 2870, so I am not 
sure we need to say anything more. I have confirmed with the IAB that it does 
not believe the part about moving 2870 to Historic is necessary. Does anyone 
object to this change?

With regard to the earlier discussions in the last call in the summer, Marc’s 
message discussed some of the things where an agreement was clearly found. I 
don’t think I need to report further on that. However, I wanted to highlight a 
few other items:

I believe there is rough consensus to publish an updated BCP (subject to some 
detailed clarifications, still ongoing). There was some discussion about 
whether it is appropriate for the IETF to do this, but my read of the 
discussion is that the topic was explored and that a reasonable division of 
work between the RSSAC and IETF exists, even with some roughness of the 
opinions within the group. The IETF role in this case is to provide high-level 
requirements for the service. Specifically for this service, even if some 
broader statements have been made about all nodes previously. But it is not our 
role to enforce anything or deal with the operational issues.

There was some discussion of the meaning of the requirements currently in the 
document, and whether clarifying text was needed to specify whether they apply 
to individual nodes or the service. Michael Richardson (among others) has 
supported the current text as it really is about the service. This is another 
topic where there is some roughness in the group, but I believe the initial 
question has been adequately answered and has at least some support in the 
group.

A big problem last summer was that we did not yet have a document from the 
RSSAC. With the stable RSSAC document now available, it is possible to proceed.

From my read of the commentary, the following items may deserve further 
thought. Marc, can you deal with these?

* Joe Abley’s comment about qualifying the requirement to answer queries from 
any valid IP address with respect to operational events (such as attacks). 
While I believe the operational issues are indeed in the RSSAC scope, I think 
we should qualify our requirement to be subject to operational issues.

* Klaas Wierenga’s Secdir review made a suggestion about privacy related to 
root queries, and how caching mitigates some of the concerns. Text could be 
added about this, although it is of course a somewhat obvious state of affairs. 
I’ll leave it to the editor’s discretion what to do here.

Jari
