Re: OFFTOPIC: DNSSEC groupthink versus improving DNS

Duane <duane@e164.org> Fri, 08 August 2008 01:00 UTC

Message-ID: <489B98FA.40307@e164.org>
Date: Fri, 08 Aug 2008 10:53:14 +1000
From: Duane <duane@e164.org>
User-Agent: Thunderbird 2.0.0.16 (X11/20080724)
MIME-Version: 1.0
To: Paul Vixie <vixie@isc.org>
CC: bert hubert <bert.hubert@netherlabs.nl>, Namedroppers <namedroppers@ops.ietf.org>
Subject: Re: OFFTOPIC: DNSSEC groupthink versus improving DNS
References: <489AD5E3.20708@nlnetlabs.nl> <20080807134236.GA19024@outpost.ds9a.nl> <489B09FE.8050701@e164.org> <49451.1218124457@nsa.vix.com>
In-Reply-To: <49451.1218124457@nsa.vix.com>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Paul Vixie wrote:
> you are both missing the point of that document.  it's not a six minute
> presentation.  but after you sit through that presentation, you can get
> dnssec running in six minutes.  (we've measured.)  which is not to say
> that dnssec is easy -- i know that at ISC we're thinking seriously of
> dedicating the whole BIND 9.7 release to dnssec tools and usability.

I never mentioned anything about the time of the presentation or time to
set it up; my comment was that how convoluted and complicated the process
is caused me to instantly dislike it for that reason.

> you can use whatever TTL you want.  but more importantly, are you saying

I realise this, but I was under the mistaken assumption, before Bert
corrected me, that sigs were generated on the fly and were only valid for
a small window.

> we should discard a protocol because of the quality of early implementations
> especially in terms of usability?  because if that were true i'm pretty
> sure TCP/IP should have been shot dead back in 1985 or so.  likewise X11,
> BSD, Linux, Windows, and MAC/OS.

Ummm, a good 'security' model in this sense would be to look at the
credit card industry: unless payment gateways are down, merchants are
instantly notified of problems with credit cards, not 30 days later.

> duane, i understand why bert's a dnssec denier.  but i urge you to study
> the historical debates and the threat models document and think carefully
> before you climb on that bandwagon.

Oh please, give me a little credit here and drop the 'denier' nonsense
right now; that term is often used as an emotive response that has no
basis in logic or reason, where the underlying argument is weak, in order
to silence criticisms.

-- 

Best regards,
 Duane

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>