Re: [Danish] Proposed WG Charter

Ash Wilson <ash.wilson@valimail.com> Tue, 15 June 2021 17:45 UTC

From: Ash Wilson <ash.wilson@valimail.com>
Date: Tue, 15 Jun 2021 10:45:13 -0700
Message-ID: <CAEfM=vQDsNxsTy9d84snygq8hAxRuncXm_CaxYPCuxVwACATgw@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: danish@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/WxcP0vsfaY137WVOPEYNv51Ym2Q>
Subject: Re: [Danish] Proposed WG Charter
List-Id: DANE AutheNtication for Iot Service Hardening <danish.ietf.org>

On Tue, Jun 15, 2021 at 10:22 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>     >> I can also say from personal experience that deploying DNSSEC in
>     >> a large complex enterprise remains extremely challenging. Some of the
>     >> largest commercial DNS providers in the world have had constant
>     >> challenges handling the scale of my employer's signed DNS (ask me
>     >> offline sometime and I'll spill the beans). And just a few weeks ago, I
>     >> found another critical DNSSEC bug in one of the major open source
>     >> DNS implementations.
>
>     > For new applications one need not sign an existing legacy domain,
>     > it is easy to register a new dedicated domain that's signed from
>     > the get-go.
>
> I was going to say the same thing.
> It also has the advantage of not having to deal with the marketing
> department.
>
> {However, it's a shame that example.com can't register devices.example.com
> directly.... or rather that DNSSEC can't jump over the insecured
> example.com.}
> So one winds up with devices-example.com or some such situation.
>

Purchasing a new domain for work use, when you work within a large company,
isn't always quick or easy. Sometimes you have an existing delegation to
work with (labs.example) and if DNSSEC is not a requirement for
exploration, you don't need to go through justification and procurement
before getting started.


>     > There may be some minor obstacles along the way, but it rather looks
>     > like the software stacks are or will soon be ready to meet them head on.
>
>     > The specs produced by DANISH will not change the world overnight, the
>     > design should not be anchored in the past.
>
> We are in agreement here:  that's why I removed the mitigation as a work item
> from the initial charter.  I think that we should still think about it though.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>


-- 

*Ash Wilson* | Technical Director
*e:* ash.wilson@valimail.com
