Re: OFFTOPIC: DNSSEC groupthink versus improving DNS

Paul Vixie <vixie@isc.org> Thu, 07 August 2008 16:04 UTC

From: Paul Vixie <vixie@isc.org>
To: bert hubert <bert.hubert@netherlabs.nl>
cc: Namedroppers <namedroppers@ops.ietf.org>
In-Reply-To: Your message of "Thu, 07 Aug 2008 15:42:37 +0200." <20080807134236.GA19024@outpost.ds9a.nl>
References: <489AD5E3.20708@nlnetlabs.nl> <20080807134236.GA19024@outpost.ds9a.nl>
Date: Thu, 07 Aug 2008 16:00:05 +0000

> From: bert hubert <bert.hubert@netherlabs.nl>
> ...
> And this can't be good - it is leading us to make statements which are
> patently untrue, like "turn on DNSSEC to be safe".

"turn on DNSSEC so that some day we can stop fighting endless brushfires."

> But if you care about DNSSEC, please stop pretending DNSSEC is ready to
> deploy and just waiting for people to get around to it.

dnssec (the protocol) is ready to deploy.  the usability of the tools is
a bit low at the moment but that's expected in early days.

> ("You mean this goes down if I don't re-sign in time? Wow!").

BIND 9.6 will have online re-signing.  presumably others will also do this.

> But no matter what I feel - please everybody take a minute to read the
> symptoms of groupthink, and wonder if we are still doing the best job we
> can to improve DNS in the real world.
> 
> Because that is our goal. I hope. 

i'd like to avoid re-debating the need for dnssec every few weeks.  it's
been a decade and a half.  these debates are just distractions.  anyone
whose vision or business plan or past representations to customers or code
base is just not adaptable to dnssec, please simply indulge those of us
who can see a need for it and who think we know how to make it happen.

