Re: [dnsext] dnsextDNSSEC, robustness, and several DS records

Wes Hardaker <wjhns1@hardakers.net> Wed, 11 May 2011 18:49 UTC

From: Wes Hardaker <wjhns1@hardakers.net>
To: Edward Lewis <Ed.Lewis@neustar.biz>
References: <20110511080159.GA13132@nic.fr> <sdfwolcol1.fsf@wjh.hardakers.net> <a06240802c9f06b538985@[10.31.203.215]>
Date: Wed, 11 May 2011 11:48:48 -0700
In-Reply-To: <a06240802c9f06b538985@[10.31.203.215]> (Edward Lewis's message of "Wed\, 11 May 2011 12\:39\:23 -0400")
Message-ID: <sdy62d9ipb.fsf@wjh.hardakers.net>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] dnsextDNSSEC, robustness, and several DS records

>>>>> On Wed, 11 May 2011 12:39:23 -0400, Edward Lewis <Ed.Lewis@neustar.biz> said:

>> 1) The zone publisher doesn't care which record is used...
>> 2) The zone publisher *wants* everyone to upgrade...
>> 3) The zone publisher *requires* everyone to upgrade...

EL> The zone publisher's wishes don't matter to DNSSEC.  DNSSEC is there
EL> to protect caches, first and foremost, and that is what the protocol is
EL> designed to do.  The protocol does not convey the publisher's wishes in
EL> any field.

That's another way of stating the problem, yes.  The protocol was
written to accommodate *one* viewpoint of a publisher.  #2.  DNSSEC
is not a person, so it can't care.  Sure.  But it only supports #2 and #3.

EL> "Trying to teach a pig to sing will just annoy the pig."  DNSSEC is the pig.

Never said otherwise.
-- 
Wes Hardaker
Cobham Analytic Solutions
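
The point the two posters circle around, that a DS RRset has no field in which a publisher could express a preference among several DS records, can be shown concretely. The Python below is an added example, not code from this message or from the dnsext thread: it models a validator's DS-matching step (RFC 4034 Appendix B key tag, RFC 4034/4509 digest over owner name plus DNSKEY RDATA, the RFC 4035 section 5.2 tag/algorithm/digest checks, and RFC 6840 section 5.2 handling of DS records whose algorithm or digest type the validator does not support). The owner name, the two keys, and the set of algorithms the toy validator "supports" are constructed for the example; a real validator's supported set comes from its crypto library.

```python
import hashlib
from dataclasses import dataclass

# Digest type numbers: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256}
# DNSKEY algorithms this toy validator supports (assumption for the example):
# only 8 = RSA/SHA-256; 5 = RSA/SHA-1 is treated as unknown to it.
SUPPORTED_KEY_ALGS = {8}


@dataclass(frozen=True)
class DNSKEY:
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes

    def rdata(self) -> bytes:
        # Wire-format RDATA: 2-byte flags, protocol, algorithm, key material.
        return (self.flags.to_bytes(2, "big")
                + bytes([self.protocol, self.algorithm]) + self.public_key)


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int
    digest: bytes


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B: sum the RDATA as 16-bit big-endian words, fold the carry."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def owner_wire(name: str) -> bytes:
    """Canonical wire form of the owner name: lowercase, length-prefixed labels, root label."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def make_ds(owner: str, key: DNSKEY, digest_type: int) -> DS:
    """Build the DS a parent would publish for this DNSKEY (RFC 4034 section 5.1.4)."""
    digest = DIGEST_ALGS[digest_type](owner_wire(owner) + key.rdata()).digest()
    return DS(key_tag(key.rdata()), key.algorithm, digest_type, digest)


def ds_matches(owner: str, ds: DS, key: DNSKEY) -> bool:
    """RFC 4035 section 5.2: key tag, algorithm and digest must all agree."""
    if ds.algorithm != key.algorithm or ds.key_tag != key_tag(key.rdata()):
        return False
    if ds.digest_type not in DIGEST_ALGS:
        return False
    return DIGEST_ALGS[ds.digest_type](owner_wire(owner) + key.rdata()).digest() == ds.digest


def usable_ds(ds_rrset, dnskey_rrset, owner):
    """Every (DS, DNSKEY) pair this validator could chain through.

    Note what is *not* consulted: RRset order, and any notion of which DS the
    publisher would rather have used. The DS record has no field for that."""
    pairs = []
    for ds in ds_rrset:
        if ds.algorithm not in SUPPORTED_KEY_ALGS or ds.digest_type not in DIGEST_ALGS:
            continue  # RFC 6840 section 5.2: skip DS records we cannot use
        for key in dnskey_rrset:
            if ds_matches(owner, ds, key):
                pairs.append((ds, key))
    return pairs


def secure_entry_point(ds_rrset, dnskey_rrset, owner) -> str:
    """'insecure' if no DS is usable at all (RFC 6840 section 5.2),
    'secure' if a usable DS matches a DNSKEY, otherwise 'bogus'."""
    if not any(ds.algorithm in SUPPORTED_KEY_ALGS and ds.digest_type in DIGEST_ALGS
               for ds in ds_rrset):
        return "insecure"
    return "secure" if usable_ds(ds_rrset, dnskey_rrset, owner) else "bogus"


# Constructed sample data (not real keys): a zone rolling from algorithm 5 to 8
# and publishing one DS for each key at the parent.
OWNER = "example."
KEY_OLD = DNSKEY(flags=257, protocol=3, algorithm=5, public_key=b"\x0a\x0b\x0c\x0d")
KEY_NEW = DNSKEY(flags=257, protocol=3, algorithm=8, public_key=b"\x01\x02\x03\x04")
DS_RRSET = [make_ds(OWNER, KEY_OLD, 1), make_ds(OWNER, KEY_NEW, 2)]

if __name__ == "__main__":
    print("key tag of new key:", key_tag(KEY_NEW.rdata()))
    print("both DS published:", secure_entry_point(DS_RRSET, [KEY_OLD, KEY_NEW], OWNER))
    print("only old-algorithm DS published:", secure_entry_point(DS_RRSET[:1], [KEY_OLD, KEY_NEW], OWNER))
    print("new DS published, new key missing:", secure_entry_point(DS_RRSET[1:], [KEY_OLD], OWNER))
```

With both DS records published the toy validator, which knows only algorithm 8, chains through the new key and never notices the old one; with only the algorithm-5 DS published it treats the zone as insecure; with the algorithm-8 DS published but the matching key absent it returns bogus. None of those outcomes depend on anything the publisher could have written into the DS RRset.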