[RSSAC Caucus] Specific proposal for NSID in BCP40

Paul Hoffman paul.hoffman at icann.org
Fri Mar 17 22:13:31 UTC 2023


Greetings again. There was a long thread here about adding a MUST-level or SHOULD-level requirement to the update to BCP40 (RFC 7720) for RSOs providing unique NSID identifiers for each instance. (The draft is at <https://datatracker.ietf.org/doc/draft-hardaker-iab-rfc7720-bis/>; the repo for the draft is at <https://github.com/marcblanchet/rfc7720bis>).

In the repo, I suggested a new section be added for "Protocol Recommendations", to differentiate from "Protocol Requirements" and "Deployment Requirements" because I think that the unique NSID does not need to be a "MUST". It is useful for debugging, but if an RSO messes up and uses duplicate IDs, or somehow forgets to turn NSID on for some instances, the root server system will not be significantly harmed.

In that spirit, I propose the following for a new "Protocol Recommendations" section:

- SHOULD respond to queries that include an NSID [RFC5001] EDNS(0) option
with an identifier that is unique for each instance. At the time this
document is published, each root server operator deploys multiple instances,
so the instance identifier for the NSID response SHOULD include a sub-string
that identifies the root server operator. The identifier is only useful for
debugging and does not necessarily indicate any attribute of the instance
that is responding.

The wording here is a bit stilted because BCP40 does not yet define "instance", does not yet talk about anycast, and doesn't even really define "root server operator". If those are addressed before the document is finalized, the above wording can change as well.

Thoughts? 

--Paul Hoffman
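An added example, not part of the original message or the draft: a Python sketch of how an observer could check the proposed recommendation, by building a query that carries the RFC 5001 NSID option (EDNS(0) option code 3, sent empty by the requester) and auditing the NSID values that come back. The instance labels, NSID strings, operator tag `example-rso` and the 1232-byte payload size are constructed assumptions.

```python
import struct
from collections import Counter

NSID = 3  # EDNS(0) option code assigned by RFC 5001

def build_nsid_query(qname: str, qid: int = 0x1234) -> bytes:
    """DNS query for qname/NS/IN with an OPT RR carrying an empty NSID option."""
    header = struct.pack("!6H", qid, 0x0000, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    question = labels + b"\x00" + struct.pack("!2H", 2, 1)  # QTYPE=NS, QCLASS=IN
    option = struct.pack("!2H", NSID, 0)  # requester sends NSID with no data
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size (assumed 1232), TTL=0, RDLEN
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(option)) + option
    return header + question + opt_rr

def extract_nsid(opt_rdata: bytes):
    """Walk the {code, length, data} options in OPT RDATA; return NSID bytes or None."""
    pos = 0
    while pos + 4 <= len(opt_rdata):
        code, length = struct.unpack_from("!2H", opt_rdata, pos)
        pos += 4
        if pos + length > len(opt_rdata):
            raise ValueError("truncated EDNS option")
        if code == NSID:
            return opt_rdata[pos:pos + length]
        pos += length
    return None

def audit(responses: dict, operator_tag: bytes) -> dict:
    """Map instance label -> problem: NSID missing, duplicated, or lacking operator_tag."""
    nsids = {inst: extract_nsid(rdata) for inst, rdata in responses.items()}
    counts = Counter(v for v in nsids.values() if v)
    problems = {}
    for inst, v in nsids.items():
        if not v:
            problems[inst] = "no NSID returned"
        elif counts[v] > 1:
            problems[inst] = "duplicate NSID"
        elif operator_tag not in v:
            problems[inst] = "operator sub-string missing"
    return problems

def opt(nsid=None):  # hypothetical helper: builds sample OPT RDATA for the audit
    cookie = struct.pack("!2H", 10, 8) + b"\x01" * 8  # unrelated option ahead of NSID
    return cookie + (struct.pack("!2H", NSID, len(nsid)) + nsid if nsid is not None else b"")

# Constructed sample data: labels and NSID strings are invented for illustration.
SAMPLE = {"site-a": opt(b"ams1.example-rso"), "site-b": opt(b"fra1.example-rso"),
          "site-c": opt(b"fra1.example-rso"), "site-d": opt(), "site-e": opt(b"lhr1")}
print(audit(SAMPLE, b"example-rso"))
```

The audit reports exactly the failure cases the message names as tolerable but worth catching: duplicate identifiers and instances where NSID was never turned on, plus identifiers that omit the operator sub-string.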


