Re: [DNSOP] DNSSEC as a Best Current Practice

Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Mon, 21 March 2022 06:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/4Jal2yzUTJ60KrzyDW8o-cxVMLw>

Paul Hoffman wrote:

> In the meantime, anyone interested can make suggestions on how to
> improve the draft so that it is nice and shiny when it comes to the WG
> for adoption.

    it just
    indicates that the value of deploying DNSSEC is often considered
    lower than the cost.

is just wrong.

The constructive thing to do to make DNS secure is to totally abandon
DNSSEC and rely on DNS cookies or something like that.

						Masataka Ohta