IETF Logo Mail Archive

Re: [dnsext] comments on draft-crocker-dnssec-algo-signal-03

"Jeffrey A. Williams" <jwkckid1@ix.netcom.com> Thu, 30 July 2009 00:36 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3BB083A6A48; Wed, 29 Jul 2009 17:36:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.581
X-Spam-Level:
X-Spam-Status: No, score=-1.581 tagged_above=-999 required=5 tests=[AWL=-1.144, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7OuQMhctldE2; Wed, 29 Jul 2009 17:36:19 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 4300E3A693B; Wed, 29 Jul 2009 17:36:19 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MWJY9-0008Hu-Im for namedroppers-data0@psg.com; Thu, 30 Jul 2009 00:31:13 +0000
Received: from [209.86.89.64] (helo=elasmtp-curtail.atl.sa.earthlink.net) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <jwkckid1@ix.netcom.com>) id 1MWJY0-0008HF-SR for namedroppers@ops.ietf.org; Thu, 30 Jul 2009 00:31:10 +0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=ix.netcom.com; b=ps8uf5fVdyUrZasr1aHMad2Sm3E5mxp7ylnqhqgConi8mSjGZGl1JiykkIrYwwKZ; h=Received:Message-ID:Date:From:Organization:X-Mailer:X-Accept-Language:MIME-Version:To:CC:Subject:References:Content-Type:Content-Transfer-Encoding:X-ELNK-Trace:X-Originating-IP;
Received: from [4.227.97.143] (helo=ix.netcom.com) by elasmtp-curtail.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <jwkckid1@ix.netcom.com>) id 1MWJXz-0007Kw-7C; Wed, 29 Jul 2009 20:31:04 -0400
Message-ID: <4A7104D5.41CBEDEF@ix.netcom.com>
Date: Wed, 29 Jul 2009 19:26:30 -0700
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
Organization: IDNS and Spokesman for INEGroup
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Michael Graff <mgraff@isc.org>
CC: namedroppers@ops.ietf.org
Subject: Re: [dnsext] comments on draft-crocker-dnssec-algo-signal-03
References: <4A702AE1.10201@isc.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: c8e3929e1e9c87a874cfc7ce3b1ad11381c87f5e51960688bb7d4d20ad322d7f30a241bdf6aa2071350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 4.227.97.143
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

Micahel and all,

  I agree fully here...

Michael Graff wrote:

> Let me state some reasons I'm opposed to this draft's purpose, even
> though I think some part of it would be very interesting to pursue.
>
> (1)  This becomes a meta-type in practice.  It might prevent some
> lookups initially, but should a client ask for items that were not in
> the cache, the server would have to remember which algorithms it saw in
> the DNSKEY response to know which it could usefully retrieve with
> follow-on queries.  For example, a particular stub might support more
> algorithms than the cache it asks, so additional queries (including
> additional queries for the DNSKEY to obtain its signatures) would have
> to be generated.
>
> (2)  This solves a problem I do not fully believe is a problem, that of
> TCP fallback.  I've said it before, but chat servers, web servers, and
> other types of TCP-based servers handle many, many connections/sec and
> many, many sustained clients today.  I don't understand why DNS is
> different here, excepting perhaps that we have not encountered this
> situation until now.
>
> (3)  It solves a problem that I do not fully believe is a problem, that
> of fragmented packets.  There is no solid solution in this proposal that
> it WILL get packets through, only that it might have a better chance to
> do so.  Key rollover will still cause large packets and/or TCP fallback,
> which means only during rollover events will badness occur.  I'd rather
> it occur all the time rather than only in some situations.
>
> (4)  I believe the knowledge it would allow to be gathered -- that of
> which algorithms, hashes, etc. were in common use -- is very valuable.
> Perhaps a draft on "voluntary reporting of server capabilities" would be
> useful, where the data would be anonymous, infrequently (order days at
> least) reported, and collected into reports.  Knowing that RSA/SHA1 is
> not used any longer is very good information to know in terms of
> deprecating protocols, but using that as a filter seems unwise to me.
>
> --Michael
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>

Regards,

Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln
"YES WE CAN!"  Barack ( Berry ) Obama

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@ix.netcom.com
My Phone: 214-244-4827




--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.23.0 | Report a Bug | By Email