Re: [DNSOP] New Version Notification for draft-pwouters-powerbind-00.txt (fwd)

Robert Edmonds <edmonds@mycre.ws> Mon, 19 March 2018 20:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/L-fMsIXxWpIkHwr9YrnYDovyM8A>

Viktor Dukhovni wrote:
> The idea is to log the DNSKEY RRs observed at each zone apex.
> Without the proposed flag, one would also have to log denial of
> existence which would make the logs much too large.

Can you expand on what you mean by "much too large"? There are already
existing large scale passive DNS systems that log every RRset that they
observe, and on relatively modest amounts of hardware. Is transparency
for DNSSEC really all that less tractable than the "log every RRset"
problem?

-- 
Robert Edmonds