[Yeti DNS Discuss] Yeti presentation at the IEPG for IETF 93

Paul Vixie paul at redbarn.org
Mon Jul 20 16:48:19 UTC 2015

some background:

Shane Kerr wrote:
> ...
> Attached please find the slides from the presentation that I made at the
> IEPG yesterday morning in Prague.
> At the end of the presentation, there were a lot of questions and
> concerns about the Yeti project, including:
> * Mentioning that the timing is really bad because of the NTIA
>   transition process.

since that process has been multi-year, and will be multi-year, we can't
stop all research that might be inconvenient for the people involved in
that process.

> * Mentioning that the DM model was a change that looks like it is
>   designed to have a non-unified root production.

that aspect of Yeti was designed to avoid creating a single new trusted
party. no matter whether such a party was american, chinese, or
otherwise, it would have been controversial.

so, a necessary third experiment for Yeti (where the first such
experiment is questioning whether the same namespace can be successfully
represented by a completely separate zone, and the second such
experiment is questioning whether an IPv6-only infrastructure is
workable) is to discover what happens when there's a shared KSK,
independent ZSK's, and independent zone file generators. this necessary
third experiment is controversial, but less so than creating a single
new trusted party would have been.

> * Suggestion that it looks like an effort to replace the existing IANA
>   root server system.

was that person wearing a hat made of tin foil, perhaps? we invited
every IANA root name server operator to join, and some still might.

> * A good suggestion by Olafur that each experiment should document why
>   it needs to run on Yeti instead of in a lab.

anything -- literally any design -- can be made to run successfully in a
test lab. that would have taught us nothing. we have to have scale, both
in the number of participants, and also in the diversity of the software
they use, the applications they run, the networks they operate.

for example, dnssec without DS RR's ran successfully in a test lab, but
failed in practice.

> There were many more. In general, people were respectful, and I am glad
> that they felt that they could talk about their questions and concerns
> in public.
> There is a lot of skepticism. My hope is that as we produce results and
> do not do anything evil that people will start to feel less scared.

thank you for your outreach. we're going to fight skepticism with sunlight.

Paul Vixie
