Re: [DNSOP] old arguments unrelated to SRV-related _underscore registry (was Re: Call for Adoption: draft-crocker-dns-attrleaf)
Jared Mauch <jared@puck.Nether.net> Tue, 01 March 2016 23:46 UTC
Date: Tue, 01 Mar 2016 18:46:21 -0500
From: Jared Mauch <jared@puck.Nether.net>
To: John R Levine <johnl@taugh.com>

On Tue, Mar 01, 2016 at 06:15:22PM -0500, John R Levine wrote:
> >>The NDR record is deliberately free format because changing DNS
> >>servers is HARD, no really it is ridiculously hard with a ten year
> >>lag. Which is of course why we won't use a new record at all:
> >
> >Really? We have rpm's of new versions of named supplied within
> >hours of ISC's public announcements of new named releases. I'm
> >sure there are similar announcements for other nameserver vendors.
>
> I suppose I could say web based configuration crudware a few dozen more
> times, but I doubt it would sink in any more than it has before.

I've seen organizations that don't upgrade/patch software if they feel it can be mitigated with other technical means because altering them would require hypothetical testing that they won't do. With the recent stream of security updates in the past 2-3 years to bash, OpenSSL, etc., they have started to change their stance.

I understand the goals of 'change one thing at a time' so it's easy to know what introduced the breakage, but at some point people who fail to upgrade will cease to work. I was helping with a router today where the lack of a proper clock meant it could not generate an SSH key because the crypto system would not work.

We are creating a more fragile ecosystem at times for the sake of security, and things will break along the way.

I have my opinions about technical malpractice in this space and have been guilty myself of it at times, but we can't let outdated people hold back forward progress.

- Jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.