Re: [DNSOP] Privacy and DNSSEC
Paul Vixie <paul@redbarn.org> Wed, 29 April 2020 04:49 UTC
Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F6EF3A003D for <dnsop@ietfa.amsl.com>; Tue, 28 Apr 2020 21:49:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJkzYZosOm1g for <dnsop@ietfa.amsl.com>; Tue, 28 Apr 2020 21:49:52 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C50DF3A003B for <dnsop@ietf.org>; Tue, 28 Apr 2020 21:49:52 -0700 (PDT)
Received: from linux-9daj.localnet (vixp1.redbarn.org [24.104.150.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 6F148B074A; Wed, 29 Apr 2020 04:49:52 +0000 (UTC)
From: Paul Vixie <paul@redbarn.org>
To: Shumon Huque <shuque@gmail.com>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Date: Wed, 29 Apr 2020 04:49:51 +0000
Message-ID: <21757930.7KVZAQyxnt@linux-9daj>
Organization: none
In-Reply-To: <CAHPuVdXBaBG27v2hyD1bpp+9YxC5BvTjL5ojqXw7yc17Ufpk7A@mail.gmail.com>
References: <CAHPuVdV9eSCLQOqMF0cq8fHcuSZs7nCgjhHMfMoaV5H=ekbtSA@mail.gmail.com> <18685549.zqRq8fnmLB@linux-9daj> <CAHPuVdXBaBG27v2hyD1bpp+9YxC5BvTjL5ojqXw7yc17Ufpk7A@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Rty15Pw3JWMWf8WbX7OEUnME_EI>
Subject: Re: [DNSOP] Privacy and DNSSEC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 04:49:56 -0000
On Wednesday, 29 April 2020 01:17:04 UTC Shumon Huque wrote: > ... > > Paul - I guess I'm missing some background here. In what sense did > getting DS working throw validating stubs overboard? Do you mean it > took the focus away from them? no. i mean that the decision to require a "clear path" for DNSSEC meant that no DNSSEC-dependent application has ever received investment. for example, DANE is interesting in the SMTP market because that's small and geeky, but will never be adopted by the Web because there are too many endpoints who cannot do stub validation and too many who will never be able to. building a DNSSEC-dependent product or service would be commercial suicide. whatever we had to do to prevent this, no matter what the cost, up to and including putting keys and signatures into TXT records, would have been more in keeping with our own long term rational self interest and the goal of DNSSEC ubiquity. if as i expect history passes DNSSEC by other than for DANE/ SMTP and SSHFP and protection of RDNS caches, it will be due to the "clear path" design decision. imagine the WWW launching as it did in the early 1990's but in a way that could not work on any desktop whose DNS server was from an earlier era. i hope we can agree that it would have failed, and that its failure would have inspired something more like the WWW we actually know, which works, and worked, everywhere. -- Paul
- Re: [DNSOP] New draft on delegation revalidation Mark Andrews
- [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Bob Harold
- Re: [DNSOP] New draft on delegation revalidation Tim Wicinski
- Re: [DNSOP] New draft on delegation revalidation Brian Dickson
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Stephane Bortzmeyer
- Re: [DNSOP] New draft on delegation revalidation Stephane Bortzmeyer
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation John Levine
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Puneet Sood
- Re: [DNSOP] New draft on delegation revalidation Ólafur Guðmundsson
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation John R Levine
- Re: [DNSOP] New draft on delegation revalidation Bob Harold
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Patrick Mevzek
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Patrick Mevzek
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Joe Abley
- Re: [DNSOP] New draft on delegation revalidation Vladimír Čunát
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Vladimír Čunát
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Masataka Ohta
- Re: [DNSOP] Privacy and DNSSEC Vittorio Bertola
- Re: [DNSOP] New draft on delegation revalidation Joe Abley
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- [DNSOP] Client Validation - filtering validation? Brian Dickson
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Mark Andrews
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] Client Validation - filtering validat… Vittorio Bertola
- Re: [DNSOP] Client Validation - filtering validat… Paul Wouters
- Re: [DNSOP] Client Validation - filtering validat… S Moonesamy
- Re: [DNSOP] Client Validation - filtering validat… John Levine
- Re: [DNSOP] Client Validation - filtering validat… Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Paul Wouters
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] Privacy and DNSSEC Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Daniel Migault
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] Privacy and DNSSEC Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Daniel Migault
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Petr Špaček
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Giovane C. M. Moura
- Re: [DNSOP] New draft on delegation revalidation Petr Špaček
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie
- Re: [DNSOP] New draft on delegation revalidation Gavin McCullagh
- Re: [DNSOP] New draft on delegation revalidation Shumon Huque
- Re: [DNSOP] New draft on delegation revalidation Paul Vixie