Re: [dnsext] dnsextDNSSEC, robustness, and several DS records

Edward Lewis <Ed.Lewis@neustar.biz> Wed, 11 May 2011 16:39 UTC

Return-Path: <Ed.Lewis@neustar.biz>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB391E07EC for <dnsext@ietfa.amsl.com>; Wed, 11 May 2011 09:39:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3XAWUVS1ZWcE for <dnsext@ietfa.amsl.com>; Wed, 11 May 2011 09:39:28 -0700 (PDT)
Received: from stora.ogud.com (stora.ogud.com [66.92.146.20]) by ietfa.amsl.com (Postfix) with ESMTP id 6B110E07D1 for <dnsext@ietf.org>; Wed, 11 May 2011 09:39:27 -0700 (PDT)
Received: from Work-Laptop-2.local (nyttbox.md.ogud.com [10.20.30.4]) by stora.ogud.com (8.14.4/8.14.4) with ESMTP id p4BGdPuT092284; Wed, 11 May 2011 12:39:26 -0400 (EDT) (envelope-from Ed.Lewis@neustar.biz)
Received: from [10.31.203.215] by Work-Laptop-2.local (PGP Universal service); Wed, 11 May 2011 12:39:26 -0400
X-PGP-Universal: processed; by Work-Laptop-2.local on Wed, 11 May 2011 12:39:26 -0400
Mime-Version: 1.0
Message-Id: <a06240802c9f06b538985@[10.31.203.215]>
In-Reply-To: <sdfwolcol1.fsf@wjh.hardakers.net>
References: <20110511080159.GA13132@nic.fr> <sdfwolcol1.fsf@wjh.hardakers.net>
Date: Wed, 11 May 2011 12:39:23 -0400
To: <dnsext@ietf.org>
From: Edward Lewis <Ed.Lewis@neustar.biz>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Scanned-By: MIMEDefang 2.68 on 10.20.30.4
Cc: ed.lewis@neustar.biz
Subject: Re: [dnsext] dnsextDNSSEC, robustness, and several DS records
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2011 16:39:28 -0000

At 7:13 -0700 5/11/11, Wes Hardaker wrote:

>1) The zone publisher doesn't care which record is used...
>2) The zone publisher *wants* everyone to upgrade...
>3) The zone publisher *requires* everyone to upgrade...

The zone publisher's wishes don't matter to DNSSEC.  DNSSEC is there 
to protect caches, first and foremost and that is what the protocol 
is designed to do.  The protocol does not convey the publishers 
wishes in any field.

"Trying to teach a pig to sing will just annoy the pig."  DNSSEC is the pig.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Now, don't say I'm always complaining.
Wait, that's a complaint, isn't it?