Subject: CC1 ENUM LLC TAC Tier1A requirements V3.9 - Mike St.Johns comments
From: "Pfautz, Penn L, NEO"
Date: Wed, 18 May 2005 11:08:33 -0400
To: tac@lists.mci.com

-----Original Message-----
From: Mike StJohns [mailto:Mike.StJohns@nominum.com]
Sent: Wednesday, May 11, 2005 5:58 PM
To: Pfautz, Penn L, NEO
Subject: RE: CC1 ENUM LLC TAC Tier1A requirements V3.9

At 10:15 AM 5/11/2005, Pfautz, Penn L, NEO wrote:
>>Mike:
>>Thanks for the quick response. I wanted to poke a little deeper on a few
>>of them.
>>1. Do you see DNSSEC as necessarily driving a mechanized (i.e. SRS-like)
>>interface between Tier 1B and Tier 1A as opposed to just secure
>>transport of records from Tier 1B to Tier 1A?

Secure => authenticated with integrity.

Issue with doing a manual interface (as is common in the registry space today) is that people accept too many things on faith. Better to specify a mechanical and automated interface than leave it to chance - especially this far up the tree.

Of course, if there's no DNSSEC, then the question is how much effort do you put into the administration space. My thought is that the initial implementation will be harder than just pencil and paper, but much easier over the long run.

>>2. In section 5.1.2 bullet 3 we're puzzling over what you meant by
>>"atomic update". Was it replacement of the whole
>>Zone dataset as an "atomic" entity or replacement of individual NS
>>records? Given the Tier 1A size is a few thousand records at most, will
>>it make a difference?

The phrase "Provide a means to periodically generate the zone data from the Registry database" seems to imply the replacement of the live DNS zone data happens as a bulk push of the complete registry database to the live DNS, rather than as an incremental update of individual elements. It's OK to do it that way - but if you do, need to indicate that the entire zone will be updated as a unit once or twice a day (or some reasonable value).
If you do it as individual elements, you should specify the delay from commitment to the registry until it appears in the live DNS zone (e.g. new delegations take 24 hours, update of NS records takes 4 hours, updates of glue A records takes... etc).

It does matter because it's an SLA parameter - for example, do you provide 5 minute updates at 3am on a Sunday on a holiday weekend? What are the "emergency" parameters you want support for?

>>3. Re comment msj2, do you see any relevant RFCs or BCPs missing from
>>the Normative References section?

I haven't done the detail review of this section, but a 1 minute look tells me the references for DNSSEC are wrong.

As I said in other notes, the reference section needs the complete listing of every reference that's normative to ENUM, but this section needs the references that are "relevant IETF RFCs" to "Domain Name System Requirements" for Tier 1A registries. The reference section has more listings than are relevant to this narrower requirement. E.g. Only list the DNS server protocol RFCs for example. Or split the discussion between what the servers the registry runs need to implement vs things like the provisioning protocol.

Hmm... OK - we talk about Tier1A servers, but we talk about them in terms of registry database (section 5.1.1). You and I know these are DNS servers - and authoritative DNS servers for 1.e164.arpa, but maybe would make sense to state that clearly.

>>4. Re comment msj3, I think by "protocol security" was intended the use
>>of secure protocols for data transmission between the Tier 1A and Tier
>>1B registries and between Tier 1A primary and secondary name servers.

Ah... OK - re-reading the text and my comments and this. Suggest instead "Security (integrity, authenticity) of communications between the components of the Tier 1A and 1B service (name servers, registry, etc)." or something similar.

>>Thanks,
>>Penn Pfautz
>>AT&T
>>732-420-4962
>>-----Original Message-----
>>From: Mike StJohns [mailto:Mike.StJohns@nominum.com]
>>Sent: Tuesday, May 10, 2005 5:36 PM
>>To: sysop@enumllc.com; Pfautz, Penn L, NEO
>>Cc: tac@lists.mci.com
>>Subject: Re: CC1 ENUM LLC TAC Tier1A requirements V3.9
>>
>>
>>Attached is the 3.9 document with my comments where there were still some
>>questions about what I meant.
>>
>>Sorry I wasn't able to make the call - I'm at a company meeting until
>>tomorrow.
>>
>>At 04:15 PM 5/10/2005, ENUM LLC Sysop wrote:
>>> >In order to avoid future confusion on version numbers, this new revision
>>> >has been posted as version 3.9 to the ENUMLLC TAC website:
>>> >
>>> >http://enumllc.com/tac/docs/t1a/Tier1A-reqv3.9May10.doc
>>> >
>>> >
>>> >Pfautz, Penn L, NEO wrote:
>>>> >>Attached is the Tier 1A document as revised on our call today.
>>>> >>Note that there were several unresolved issues based on Mike St. John's
>>>> >>comments which require clarification from
>>>> >>Mike.
>>>> >>Penn Pfautz
>>>> >>AT&T
>>>> >>732-420-4962