[DNSOP] DNSng-ish (was Re: key lengths for DNSSEC)

Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 02 April 2014 23:31 UTC

Date: Wed, 02 Apr 2014 19:31:06 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnsop@ietf.org
Message-ID: <20140402233105.GD56668@mx1.yitter.info>
References: <78F386B0-BC6B-4159-B9D4-4BFEB10252A6@rfc1035.com> <1D0A45EF-E5D3-468D-BA08-E45FEF4399DE@dnss.ec> <CAMm+LwgNoNhg7wSO+wqCGujBSfC4Fu3cwMPu2nTmkdvDwAD5Mw@mail.gmail.com>
In-Reply-To: <CAMm+LwgNoNhg7wSO+wqCGujBSfC4Fu3cwMPu2nTmkdvDwAD5Mw@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/5esBhGg-pR7UDgxWwJG1y8MGVlw
Subject: [DNSOP] DNSng-ish (was Re: key lengths for DNSSEC)

On Wed, Apr 02, 2014 at 07:21:11PM -0400, Phillip Hallam-Baker wrote:

> Which is why I have been pushing the notion that if we are going to do DNSE
> then part of the DNSE solution should be to get us out of the single
> response packet straightjacket.

I've seen what you've had to say on that, and what I just don't
understand yet is how that answer is deployable.  That is, how is what
you are suggesting there (and in your other discussions of this topic)
not "replace DNS"?  Or, if it is, why don't we just do a new protocol
completely?  We could fix the internationalization issues.  We could
ditch UDP and in a single blow eliminate a major source of DDoS on the
Internet.  And so on.

The only problem is getting everyone to upgrade.  No?

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com