Re: [dane] Behavior in the face of no answer?

Paul Hoffman <paul.hoffman@vpnc.org> Mon, 07 May 2012 16:11 UTC

Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset=us-ascii
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <A43EA9C9-5C6B-4594-9695-BA33DF22D7DB@ICSI.Berkeley.EDU>
Date: Mon, 7 May 2012 09:11:11 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <DFA2BEEF-529F-481F-8192-3A542A47AF62@vpnc.org>
References: <20120504021044.GB4560@mail.yitter.info> <B25C977F-6B4E-458C-879D-A36EDB94DA75@icsi.berkeley.edu> <20120504023602.GA4683@mail.yitter.info> <CABcZeBO93n_C5detefBcOjAoswe2inGKDj65gQPDQmREyGnhAw@mail.gmail.com> <20120504112922.GB4929@mail.yitter.info> <CABcZeBPTTa07iUHo9XL5WrHGMYHwaQzs6xYtiF25O4Jek8E3RQ@mail.gmail.com> <20120504144426.GD4929@mail.yitter.info> <CABcZeBOM_0L42Rng75AsVda9u4G=FH8=OB8Qg=nQpL-BzRoBuQ@mail.gmail.com> <20120504165512.GC7394@mail.yitter.info> <CABcZeBO4zRSa=JexqZ8uw7o26tM4SZk2GDivTAWD5ZF1pZR9Og@mail.gmail.com> <20120504194132.GF7394@mail.yitter.info> <alpine.LFD.2.02.1205041553030.7798@bofh.nohats.ca> <AD11709E-F662-492E-BE3B-23ADD82536F0@icsi.berkeley.edu> <C8A32DF2-E912-4D53-B0E3-D79852632A3E@kumari.net> <C8244A46-63BD-4903-B72C-6AB43413FB61@ICSI.Berkeley.EDU> <DEED37B2-216E-44DA-8EDC-8E4271BDCBD5@vpnc.org> <A6208FF0-4544-470C-BBBD-5C4E328C6EC4@ICSI.Berkeley.EDU> <B03C9DB5-9D31-43D6-8C9F-659A8871D33B@vpnc.org> <A43EA9C9-5C6B-4594-9695-BA33! DF22D7DB@ICSI.Berkeley.EDU>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Cc: IETF DANE WG list <dane@ietf.org>
Subject: Re: [dane] Behavior in the face of no answer?
Precedence: list

On May 7, 2012, at 8:56 AM, Nicholas Weaver wrote:

> On May 7, 2012, at 8:43 AM, Paul Hoffman wrote:
> 
>> If you believe that we should only standardize the perfect, not the good, that's fine. Others seek to standardize the good which can be upgraded to the perfect with no flag days, which is what is proposed here.
> 
> No, I believe we should standardize the good.

Good!

> If you wish to standardize the almost useless but can be upgraded to good with no flag day, but which upgrading to good requires replacing or bypassing a significant amount of brokenness on the Internet, say so.

I didn't say so because I don't consider the current proposal "almost useless". I hear that you do.

> Because DANE without nearly-hard-fail [1] on no data, not just BOGUS data, AND client-side validation, is no different that browser CRLs in terms of protection to the users in the face of an actual attack.

It is very different, but I hear that you don't believe that. Many of us believe that there can be integrity-protected communication with recursive resolvers that do DNSSEC, even if that is not common today.

--Paul Hoffman

[dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Tom Ritter
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Adam Langley
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Yoav Nir
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Scott Schmit
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? Tony Finch
Re: [dane] Behavior in the face of no answer? Ondrej Mikle
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Hoffman
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Nicholas Weaver
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? Warren Kumari
Re: [dane] Behavior in the face of no answer? John Gilmore
Re: [dane] Behavior in the face of no answer? John Gilmore
[dane] Network errors ARE attacks - on the end-to… John Gilmore
Re: [dane] Behavior in the face of no answer? Mark Andrews
Re: [dane] Behavior in the face of no answer? Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Martin Rex
Re: [dane] Network errors ARE attacks - on the en… Yoav Nir
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… Henry Story
Re: [dane] Network errors ARE attacks - on the en… SM
Re: [dane] Network errors ARE attacks - on the en… Michael Richardson
Re: [dane] Network errors ARE attacks - on the en… Andrew Sullivan
Re: [dane] Behavior in the face of no answer? Eric Rescorla
Re: [dane] Behavior in the face of no answer? Paul Wouters
Re: [dane] Network errors ARE attacks - on the en… Mark Andrews
Re: [dane] Network errors ARE attacks - on the en… Warren Kumari
Re: [dane] Network errors ARE attacks - on the en… Phillip Hallam-Baker