Re: [DNSOP] Extended CNAME (ENAME)
Olafur Gudmundsson <ogud@ogud.com> Tue, 20 May 2014 01:50 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/Y7_NYQ4PQwdhNUebMfyv_K2PBaY
On May 19, 2014, at 8:26 PM, Bob Halley <Bob.Halley@nominum.com> wrote:

> On 5/19/14, 16:43, "Mark Andrews" <marka@isc.org> wrote:
>
>> No. Your analysis is faulty.
>>
>> ENAME could be used immediately once the authoritative servers for
>> the zone support it. It would just be insecure until validators
>> catch up. ENAME + old algorithm would be illegal and would be
>> enforced by signing code and authoritative servers.
>
> I didn't say ENAME wouldn't work if you didn't validate. What I'm saying
> is that proposals which are incompatible with existing DNSSEC should be
> subject to the most rigorous scrutiny and cost-benefit analysis, and that
> I don't think ENAME's benefits are worth its costs. Others may have
> differing valuations. That's all I'll say on this matter.

+1

Anything that requires logic changes in resolvers takes a long time to roll out.
We can not afford having one more change that negatively affects DNSSEC validation.

SRV use by HTTPv2 is mostly a client change, we will not need to wait for the 5+ year developmental + deployment cycle of upgraded resolver in certain OS distributions.

As a matter of fact I recall that Mark wrote this document many years back:
http://tools.ietf.org/html/draft-andrews-http-srv-00
If that draft had got traction then, the world would be a much better place today.

Olafur