Re: [DNSOP] call for adoption: draft-vandergaast-dnsop-edns-client-subnet
"Mark Delany" <f4t@november.emu.st> Thu, 12 February 2015 14:38 UTC
Return-Path: <f4t@november.emu.st>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 052E71A88E2 for <dnsop@ietfa.amsl.com>; Thu, 12 Feb 2015 06:38:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OsdPnyJd2bKr for <dnsop@ietfa.amsl.com>; Thu, 12 Feb 2015 06:38:15 -0800 (PST)
Received: from smtp1.bushwire.net (f5.bushwire.net [199.48.133.46]) by ietfa.amsl.com (Postfix) with SMTP id 193D21A8886 for <dnsop@ietf.org>; Thu, 12 Feb 2015 06:38:14 -0800 (PST)
Received: (qmail 68484 invoked by uid 1001); 12 Feb 2015 07:31:27 -0000
Delivered-To: qmda-intercept-dnsop@ietf.org
DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=s384; d=november.emu.st; b=Mo+mABtZxtX1X2AehSzk4UHS9YOIkiFNdC3ZB9dik3Zyt+to903UatSZaf0BijqG;
Comments: DomainKeys? See http://en.wikipedia.org/wiki/DomainKeys
DomainKey-Trace-MD: h=18; b=45; l=C18R71D32M65F41M32T18S39?43R60?53?54?69M17C50?66C27I81;
Comments: QMDA 0.3
Received: (qmail 68477 invoked by uid 1001); 12 Feb 2015 07:31:27 -0000
Date: Thu, 12 Feb 2015 07:31:27 +0000
Message-ID: <20150212073127.68476.qmail@f5-external.bushwire.net>
From: Mark Delany <f4t@november.emu.st>
Mail-Followup-To: dnsop@ietf.org
To: dnsop@ietf.org
References: <629002B1-7A32-4A83-ACA1-0185F5355641@gmail.com> <20141224195229.4342.qmail@f5-external.bushwire.net> <20150212065119.68256.qmail@f5-external.bushwire.net> <CAKr6gn1sjgyaavAZfoYSBSeNKd=9ysfKe52jyN_KO8in7NR0Zw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="CAghj3nbcHapFenH"
Content-Disposition: inline
In-Reply-To: <CAKr6gn1sjgyaavAZfoYSBSeNKd=9ysfKe52jyN_KO8in7NR0Zw@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/ZESI_NwEDf9hzv3zxBoJjGXa6W0>
Subject: Re: [DNSOP] call for adoption: draft-vandergaast-dnsop-edns-client-subnet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2015 14:38:17 -0000
On 12Feb15, George Michaelson allegedly wrote: > > we've got two agencies who do DNS, and probably have > 20% worldwide > eyeball share in DNS (I don't know, thats a guesstimate) now doing > edns0_client_subnet albiet with whitelist, so its a permit-list, but its > functionally 'there' Whitelists are my biggest bugbear actually. All my other comments are nice-to-haves. I hear that Google now adaptively whitelist which is a nice strategy but I'd really like to see the whitelist approach deprecated as much as possible. (And yes, I understand MarkA's stats that show some small percentage of auth queries will break). I've been in other conversations lately where it was all about how do we get "pick some larger resolver" to whitelist us? We all know that doesn't scale. So interest appears to be growing. > Its probably already more widely deployed than IPv6... On the auth side I think you're right. It's the client side that's the missing link. But this is a classic alignment-of-interest problem. The relatively small number of auths who care implement, but there is little incentive on the resolver side. Mark.
- [DNSOP] call for adoption: draft-vandergaast-dnso… Suzanne Woolf
- Re: [DNSOP] call for adoption: draft-vandergaast-… Warren Kumari
- Re: [DNSOP] call for adoption: draft-vandergaast-… Paul Hoffman
- Re: [DNSOP] call for adoption: draft-vandergaast-… Paul Ebersman
- Re: [DNSOP] call for adoption: draft-vandergaast-… David C Lawrence
- Re: [DNSOP] call for adoption: draft-vandergaast-… Paul Wouters
- Re: [DNSOP] call for adoption: draft-vandergaast-… Allison Mankin
- Re: [DNSOP] call for adoption: draft-vandergaast-… Suzanne Woolf
- Re: [DNSOP] call for adoption: draft-vandergaast-… Warren Kumari
- Re: [DNSOP] call for adoption: draft-vandergaast-… Mark Delany
- Re: [DNSOP] call for adoption: draft-vandergaast-… Mark Delany
- Re: [DNSOP] call for adoption: draft-vandergaast-… George Michaelson
- Re: [DNSOP] call for adoption: draft-vandergaast-… Mark Delany
- Re: [DNSOP] call for adoption: draft-vandergaast-… Marcus Grando
- Re: [DNSOP] call for adoption: draft-vandergaast-… Livingood, Jason
- Re: [DNSOP] call for adoption: draft-vandergaast-… Livingood, Jason
- Re: [DNSOP] call for adoption: draft-vandergaast-… Livingood, Jason
- Re: [DNSOP] call for adoption: draft-vandergaast-… jewforice .
- Re: [DNSOP] call for adoption: draft-vandergaast-… Peter DeVries
- Re: [DNSOP] call for adoption: draft-vandergaast-… Marcus Grando
- Re: [DNSOP] call for adoption: draft-vandergaast-… Livingood, Jason
- Re: [DNSOP] call for adoption: draft-vandergaast-… Suzanne Woolf
- Re: [DNSOP] call for adoption: draft-vandergaast-… Paul Hoffman
- Re: [DNSOP] call for adoption: draft-vandergaast-… Mark Delany
- Re: [DNSOP] call for adoption: draft-vandergaast-… Warren Kumari