On 20 Apr 2020, at 14:03, Tim Wicinski <tjw.i...@gmail.com> wrote:

> This starts a Call for Adoption for draft-pwouters-powerbind
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-pwouters-powerbind/
> <https://datatracker.ietf.org/doc/draft-pwouters-powerbind/>
>
> Please review this draft to see if you think it is suitable for adoption
> by DNSOP, and comments to the list, clearly stating your view.

This draft needs a more compelling problem statement, and a clear description of why other controls (e.g. reputational, contractual) are insufficient. [It's also possible that the draft just needs a clearer problem statement, rather than a more compelling one.]

I identify with Warren's furrowed brow as he asked how this draft would protect against a rogue registrar or registry publishing a zone with a covertly-modified delegation, since such rogue behaviour would not be identified or suppressed by the mechanism proposed in this draft. This seems fundamental to the concept of "delegation-only" which is the central and sole consideration of this proposal.

Perhaps more substantially, but with more rapid oscillation of hands, I am concerned that this draft, if adopted, will gain legitimacy in policy circles where it might actually do damage. An example might be where there is contractual or market pressure to require it for TLDs where its effect might be to cause suppressed orphan glue to break otherwise functional delegations. It seems better to me to understand the implications of the mechanism up front before it gets close to an RFC number, because those RFC numbers can smell deceptively potent.

I would prefer this idea to be better fleshed out in these areas before the draft sees adoption, and hence I do not support adoption at this time.

I understand the sentiment expressed by some others with the opinion that the proposal in any case does no harm since it's optional, but I find myself less optimistic about the future than they are.

My day job is at a company responsible for a significant and venerable top-level domain. Lest anybody infer otherwise, let me confirm that we are very much in favour of measures that allow compliance to be ensured through automated and mechanical means and, correspondingly, for trust in our stewardship to be as close as possible to absolute. I am, in general, very open to ideas that would promote those things.

However, I am not convinced that this proposal will get us there and I am concerned that the legitimacy that is associated with the work on this group might ultimately result in collateral damage.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop