For what it's worth I would like to chime in and support George’s view. The technique is NOT a lie per se. It's a stretch (well, it's the opposite of “stretch” - it's a “compression”) of the intended contents of the denial of existence response, but it is not a lie as I see it. I would be far more comfortable as well with Shumon’s “Compact Denial of Existence” as a more accurate description of the technique.

regards,
Geoff

> On 2 Mar 2023, at 9:40 am, George Michaelson <g...@algebras.org> wrote:
>
> My opposition is philosophical and practical.
>
> the philosophical part, is that this is a SIGNED ASSERTION by the zone
> authority. I don't think anything the zone authority says under a
> signature should be called a lie, because the basis of verification is
> that it's exactly what was intended to be said about the state of the
> zone.
>
> it's incoherent, it's potentially confusing, it needs to be understood,
> sure. but I don't see this as a lie.
>
> the practical is that I think the IETF/OPS tendency to enjoy "puns"
> causes huge confusion outside the cognoscenti. The re-use of the word
> "peer" for instance has caused significant dismay to people in policy
> or finance space who don't understand that a BGP peer does not mean
> necessarily a peering zero-cost sum arrangement at layer 8 and 9
> (money). -If we use "lie" this freely, then when we want to
> distinguish these signed lies from the intermediary altering payload
> on-the-fly we're going to have a problem of comprehension.
>
> Having said that, I think I feel like a bit of a party pooper. What in
> Australia would be called a "wowser"
>
> It's not a big deal btw. I'm not going to go to the AD and complain
> about it or make a fuss at WGLC. I just think.. it's the kind of
> language which may not be helpful in the longer term.
>
> cheers
>
> George
>
> On Thu, Mar 2, 2023 at 7:33 AM Shumon Huque <shu...@gmail.com> wrote:
>>
>> Hi folks,
>>
>> We've posted a new draft describing the former "Black Lies" mechanism
>> for authenticated denial, now renamed as "Compact Lies".
>>
>> https://datatracker.ietf.org/doc/draft-huque-dnsop-compact-lies/
>>
>> We are hoping to discuss it here and at IETF116, and see if there is
>> interest in adopting the work and publishing it. We feel that it deserves a
>> stable published specification since it is now one of the dominant forms
>> of authenticated denial deployed amongst the commercial online signers
>> today (notably Cloudflare, NS1, and Amazon Route53).
>>
>> The draft includes the NXDOMAIN/Empty Non-Terminal distinguisher
>> mechanism I described at IETF 111
>> ( https://datatracker.ietf.org/meeting/111/materials/slides-111-dnsop-sessb-black-lies-ent-sentinel-01 )
>> and currently implemented by NS1.
>>
>> Christian and I are currently discussing some tweaks to that mechanism
>> which we will broach in a separate email thread shortly. This thread can be
>> used for general comments on the topic of the draft.
>>
>> George Michaelson, in private email to me, has expressed the view
>> that we shouldn't be calling these mechanisms "Lies" any more (I'm
>> sure he will elaborate if he is inclined). I'm personally okay with that,
>> and if there is agreement, we could just call this Compact Denial of
>> Existence, and discard the "Lies" meme.
>>
>> Shumon
>>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop