Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt
Matthew Pounsett <matt@conundrum.com> Fri, 11 August 2017 14:39 UTC
Return-Path: <matt@conundrum.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60F9513239C for <dnsop@ietfa.amsl.com>; Fri, 11 Aug 2017 07:39:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=conundrum-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nCojDBE1uXw0 for <dnsop@ietfa.amsl.com>; Fri, 11 Aug 2017 07:39:53 -0700 (PDT)
Received: from mail-ua0-x230.google.com (mail-ua0-x230.google.com [IPv6:2607:f8b0:400c:c08::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88EEA1324E6 for <dnsop@ietf.org>; Fri, 11 Aug 2017 07:39:51 -0700 (PDT)
Received: by mail-ua0-x230.google.com with SMTP id q25so15861447uah.1 for <dnsop@ietf.org>; Fri, 11 Aug 2017 07:39:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=conundrum-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=71zpqZyP6VmCrcplJiDWcjPf5KFJG7PXfaPsIL0EBPo=; b=QfvMWNFoErYbKSptjHebhk7SDOYt5vObGmm9PWGEC1nRcUJaNqiGIX5QFJQ+X92UXN kcBQNUhGLFMiMyY9gveJF4BRFSgM+xZxZp0Lz9SwPcFOVQu2EkJ5PbGdn1as7eUBrMGA 9TdlItqd+HherUoLAWA+OQwMeFW1y9I3N4/HYW8B9HhdXULQr0PqVQCehvjl6KsP66WD hGrhm+ktmL1lZF2NLFvA9tWadQ1Btis7ro8c8cNKZnt/ax6wCXKGsfE8gfrDeke44LMf ciXZxDJnQWSw0th9HrAMlHBR1h7Fm/mWVmvJrkUSsH84kc8uh6xcJuTrk4mbA5RoT3jY 3Y6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=71zpqZyP6VmCrcplJiDWcjPf5KFJG7PXfaPsIL0EBPo=; b=fHdy2BZxv/O2nFgexqlOmYHYdLjPBMkkQ6A5NcJwSoE6OMvh9qk0xU78K2uZJMDKyw ZZJrY+GOse+hh6uOjYYZhHLEm6RIyk8k7foOG+skbZNNdRyjLaFcAr/fdHFNK4tv8Y0I CgbPTACUNHiy69E5AAuy1nsAGwxRHuWQ/5MifxwrL5+ZQwhKL/ygun5gFt9VM/8888gm Rq4dy4TXGQzPlnstEXVt9G6wpu8Bdyh09io/7XUkhUDAGbOdmONPGhtU6Q4BtxoaRJeG IJGuzkIZHpcw4YeLzdB2n0TvtPpsOkn/1dzDToiuD4UlvGQZHk+bBzzq0OX4SOWDZ/w3 2p+g==
X-Gm-Message-State: AHYfb5gdnn7Caq3SGCoGLbsXBENzWZsEFE41DbKOrQXOtQNqWszpBQcL +zGLo6EURv5w6Ossp5e70uUjblvBpsUA
X-Received: by 10.176.81.137 with SMTP id g9mr11800864uaa.187.1502462390614; Fri, 11 Aug 2017 07:39:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.84.74 with HTTP; Fri, 11 Aug 2017 07:39:50 -0700 (PDT)
In-Reply-To: <CANLjSvVe99q4vtTW0TRopmQ0s9hC8HdMze5B6COs8Y_3unir5w@mail.gmail.com>
References: <149908054910.760.8140876567010458934.idtracker@ietfa.amsl.com> <CANLjSvU23OPMM=cETxBiV7j8UhMzMd426VuivxAtboMAB0=7jw@mail.gmail.com> <alpine.DEB.2.11.1707031317070.21595@grey.csi.cam.ac.uk> <CANLjSvXE4q9PSEc4txKM4OPKXVpT38N_PC2-fDHmihpk29ahcw@mail.gmail.com> <1197245d-6b9a-3c3b-82a0-dc6a1cc3de58@nic.cz> <CANLjSvVe99q4vtTW0TRopmQ0s9hC8HdMze5B6COs8Y_3unir5w@mail.gmail.com>
From: Matthew Pounsett <matt@conundrum.com>
Date: Fri, 11 Aug 2017 10:39:50 -0400
Message-ID: <CAAiTEH8ntOerB6MGKMS2xcCK3TL9n4fyLq6F+bpUY6oTUpWN8w@mail.gmail.com>
To: Lanlan Pan <abbypan@gmail.com>
Cc: Petr Špaček <petr.spacek@nic.cz>, dnsop <dnsop@ietf.org>, Vladimír Čunát <vladimir.cunat@nic.cz>
Content-Type: multipart/alternative; boundary="94eb2c1927aa15324205567b4946"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/VEn9cmLqsKdhH8cz01hPbl2Zq_4>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 14:39:55 -0000
On 11 August 2017 at 01:02, Lanlan Pan <abbypan@gmail.com> wrote: > >> We can get even better behavior from aggressive NSEC use. Here are >> advantages of aggressive NSEC use: >> - does not require changes to existing authoritatives or signed zones >> - less fragile (if we consider manual SWILD specification as an option) >> - supports wildcards with nodes below it >> > > Yes, aggressive NSEC use has advantages if: > 1) AUTH give NSEC RR. > 2) Every Intermediate Resolver supports DNSSEC validating and the NSEC > aggressive use. > It sounds like you're assuming that SWILD would be supported by caching servers that do not support DNSSEC or NSEC aggressive use. Why do you expect implementers would adopt SWILD before adopting these much older features? > > Yes, the aggressive NSEC is limited to DNSSEC-signed zones. I think that >> is okay: New features are provided only by the latest version of >> the protocol. >> > But: > 1) many wildcards occupy the Resolver cache, with no nodes below them. > 2) many wildcards AUTH not give NSEC RR. > 3) many resolvers not support DNSSEC validating, not to mention NSEC > aggressive use. > > On the view of new feature, SWILD can be an alternative simpler choice to > deploy. >
- [DNSOP] Fwd: New Version Notification for draft-p… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Tony Finch
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Petr Špaček
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Matthew Pounsett
- Re: [DNSOP] New Version Notification for draft-pa… Paul Hoffman
- Re: [DNSOP] Fwd: New Version Notification for dra… Richard Gibson
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Matthew Pounsett
- Re: [DNSOP] Fwd: New Version Notification for dra… Dave Crocker
- Re: [DNSOP] New Version Notification for draft-pa… Peter van Dijk
- Re: [DNSOP] New Version Notification for draft-pa… Matthew Pounsett
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Mark Andrews
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Mark Andrews
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Vernon Schryver
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Vernon Schryver
- Re: [DNSOP] Fwd: New Version Notification for dra… Ted Lemon
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Mukund Sivaraman
- Re: [DNSOP] Fwd: New Version Notification for dra… Mikael Abrahamsson
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Mukund Sivaraman
- Re: [DNSOP] Fwd: New Version Notification for dra… Mukund Sivaraman
- Re: [DNSOP] Fwd: New Version Notification for dra… Mikael Abrahamsson
- Re: [DNSOP] Fwd: New Version Notification for dra… Mukund Sivaraman
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Mark Andrews
- Re: [DNSOP] Fwd: New Version Notification for dra… Davey Song
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] New Version Notification for draft-pa… Ralf Weber
- Re: [DNSOP] New Version Notification for draft-pa… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Davey Song
- Re: [DNSOP] Fwd: New Version Notification for dra… Mikael Abrahamsson
- Re: [DNSOP] Fwd: New Version Notification for dra… Ted Lemon
- Re: [DNSOP] Fwd: New Version Notification for dra… Vernon Schryver
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Vernon Schryver
- Re: [DNSOP] fragile dnssec, was Fwd: New Version John Levine
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] Fwd: New Version Notification for dra… Vernon Schryver
- Re: [DNSOP] fragile dnssec, was Fwd: New Version Mark Andrews
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] fragile dnssec, was Fwd: New Version Petr Špaček
- Re: [DNSOP] Fwd: New Version Notification for dra… Paul Vixie
- Re: [DNSOP] fragile dnssec, was Fwd: New Version Matthew Pounsett
- Re: [DNSOP] fragile dnssec, was Fwd: New Version John R Levine
- Re: [DNSOP] New Version Notification for draft-pa… Ted Lemon
- Re: [DNSOP] fragile dnssec, was Fwd: New Version John R Levine
- Re: [DNSOP] New Version Notification for draft-pa… Ralf Weber
- Re: [DNSOP] fragile dnssec, was Fwd: New Version Mark Andrews
- Re: [DNSOP] fragile dnssec, was Fwd: New Version John R Levine
- Re: [DNSOP] fragile dnssec, was Fwd: New Version Mark Andrews
- Re: [DNSOP] updating fragile dnssec, was Fwd: New… John R Levine
- Re: [DNSOP] updating fragile dnssec, was Fwd: New… Patrik Fältström
- Re: [DNSOP] New Version Notification for draft-pa… Lanlan Pan
- Re: [DNSOP] New Version Notification for draft-pa… Lanlan Pan
- Re: [DNSOP] New Version Notification for draft-pa… Ted Lemon
- Re: [DNSOP] fragile dnssec, was Fwd: New Version John Levine
- Re: [DNSOP] New Version Notification for draft-pa… Warren Kumari
- Re: [DNSOP] New Version Notification for draft-pa… Lanlan Pan
- Re: [DNSOP] fragile dnssec, was Fwd: New Version Petr Špaček
- Re: [DNSOP] fragile dnssec, was Fwd: New Version A. Schulze