Re: [dnsext] Clarifying the mandatory algorithm rules

Edward Lewis <Ed.Lewis@neustar.biz> Mon, 14 March 2011 19:12 UTC

Message-Id: <a06240801c9a416b7739a@[10.31.200.110]>
In-Reply-To: <AANLkTikKPPoJRnp_7xgxoirBhkyA2=Z6E8g-Eenju8dp@mail.gmail.com>
References: <alpine.BSF.2.00.1011180553250.83352@fledge.watson.org> <4CE51293.5040605@nlnetlabs.nl> <a06240801c9101620d463@192.168.128.163> <22284.1290447209@nsa.vix.com> <4CF4D54B.5000407@nlnetlabs.nl> <20110310223438.978E9C0E902@drugs.dv.isc.org> <4D79DDFA.3010006@nlnetlabs.nl> <alpine.BSF.2.00.1103140901170.99213@fledge.watson.org> <a06240800c9a3c90e2f16@10.31.200.110> <AANLkTikKPPoJRnp_7xgxoirBhkyA2=Z6E8g-Eenju8dp@mail.gmail.com>
Date: Mon, 14 Mar 2011 15:13:07 -0400
To: dnsext@ietf.org
From: Edward Lewis <Ed.Lewis@neustar.biz>

At 12:09 -0300 3/14/11, Brian Dickson wrote:

>While technically correct, I think there is a holistic concern.
>
>All who use DNSSEC, have a vested interest in ensuring that it is, on
>the whole, as secure as possible.

The goal is not "as secure as possible."  Begin with DNS as it was 
defined before DNSSEC. It emphasized speed, reliability, and most 
importantly scalable management.   DNSSEC came along to address the 
architectural vulnerability of the need for caches.  DNSSEC's target 
was to lower the gullible nature of the architecture while having as 
little impact on the original DNS as possible.

Security is never the end goal.  It is a means to an end.  The end, 
in the DNS service model, is the delivery of the answer given a 
question.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
Son: "Waah!"