Re: [DNSOP] Fundamental ANAME problems

Christian Huitema <huitema@huitema.net> Sat, 03 November 2018 01:24 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D20D12958B for <dnsop@ietfa.amsl.com>; Fri, 2 Nov 2018 18:24:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M1pkxjFYV75Y for <dnsop@ietfa.amsl.com>; Fri, 2 Nov 2018 18:24:36 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 302D3130E0E for <dnsop@ietf.org>; Fri, 2 Nov 2018 18:24:36 -0700 (PDT)
Received: from xsmtp03.mail2web.com ([168.144.250.223]) by mx62.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1gIkfw-0002qE-O3 for dnsop@ietf.org; Sat, 03 Nov 2018 02:24:34 +0100
Received: from [10.5.2.35] (helo=xmail10.myhosting.com) by xsmtp03.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1gIkfq-00058j-Tq for dnsop@ietf.org; Fri, 02 Nov 2018 21:24:28 -0400
Received: (qmail 28147 invoked from network); 3 Nov 2018 01:24:19 -0000
Received: from unknown (HELO [31.133.155.147]) (Authenticated-user:_huitema@huitema.net@[31.133.155.147]) (envelope-sender <huitema@huitema.net>) by xmail10.myhosting.com (qmail-ldap-1.03) with ESMTPA for <johnl@taugh.com>; 3 Nov 2018 01:24:19 -0000
Content-Type: multipart/alternative; boundary="Apple-Mail-FDFD20EB-1C8D-4FA3-986E-5DF7221F39DA"
Mime-Version: 1.0 (1.0)
From: Christian Huitema <huitema@huitema.net>
X-Mailer: iPhone Mail (16A404)
In-Reply-To: <20181102172852.GA20885@besserwisser.org>
Date: Sat, 03 Nov 2018 08:24:15 +0700
Cc: John R Levine <johnl@taugh.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, Brian Dickson <brian.peter.dickson@gmail.com>
Content-Transfer-Encoding: 7bit
Message-Id: <3D003D7D-12D0-4AB2-979D-2239EF54C3C3@huitema.net>
References: <CAH1iCirXYsYB3sAo8f1Jy-q4meLmQAPSFO-7x5idDufdT_unXQ@mail.gmail.com> <20181102001431.129AC2007E00AF@ary.local> <CAH1iCioGbweYndujWRsHFJ5ZJz+NXkL-_cyB13Xq4m5Espbmpw@mail.gmail.com> <alpine.OSX.2.21.1811021557350.13429@ary.local> <20181102172852.GA20885@besserwisser.org>
To: Måns Nilsson <mansaxel@besserwisser.org>
X-Originating-IP: 168.144.250.223
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: ham
X-Spampanel-Outgoing-Evidence: Combined (0.06)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5u8Xxz2tHzXyX5aGSbYx6fJ602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO1HF+STREOMSVVRlQBhMBwlVjyn5UrUp4n4yKOOaq9AxiRNAH7XnCphnpDOOJddkcFDj fzzJ6O8jiVhZi+WiYeCsScX6I9Dl5i6VrUM1b/j5NAmFR3BiNNySzE1qhn3ItE5EpHPznVavQp4h 1cyzxbRC4xvs/7iGgDKhZ45D5vihpeO/96K26qliFbK0URhAzJv5uZUEePrXZkexHL9EC3AAJAfA 9MMVcQ9WVjD1q+Rbd9IPG/DQ2p+GU04sTuYFs91jhnM/Mbva2XLV/LIEzaKyLm0zESXAkIAT8ZKA DvsGI5uh86ZVnyOrYkLMWyEaRt9fxN2oReTDHAyOynaY0CmHJLVH4DfVNbPXJmiLfub/IRFsicyJ MEhQFtD8PLoiniWmsFByBoXAuCZEyg59LM/9rUJrEbVA84BZVscMTXpbpuxXJTL417vaJWq5kk+j cuidX4Ts4xdG+C13IyWeZaIKaP92kYvCAgLvXDsJxwwj/3lh3afe0q2zUdz0OSfsX444raY4c7rF sBXziFczWeuAImxrekFydH4DojSCKJXVXfdz0+Q1eHsqtFQKXUaZ+neRXC2QfgHjpfJ8vHpGO1E1 rv1PGgUKl8Fk2bt6QgNFpdrjtWjWoVN8YHT+snsrpw22jZRl2kt9yYk5WCrzAYCgQ0qk/aTd3SEP dkJD++tEd9M+fXEtMMRQhilebkEXjFk8tLLJBl4kzg4sgIGXQirfiTmWNpgeMocn1f8Nr+K0fqb5 R4VemuUI6bcEARsm0Ohqt+Xga1chhWQpAUWfzXI+rrlJHnDn0ZA2vL1vx9UKwR4HDdDnpJnsnZ8l 83pkqWSdEOMftBjsWb6BDQzjSsFWaUKZ1JJcGxhwBY5CmZTIj1ZZXNSM8qRmAS6qJ+SgmVRG5T3/ 95tq5YraEsSrXcIxL7hrJSk60SF3F6RYOYr2
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ZTn4vOq_1W7TAy32vgDHqt2ypjY>
Subject: Re: [DNSOP] Fundamental ANAME problems
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Nov 2018 01:24:39 -0000

On Nov 3, 2018, at 12:28 AM, Måns Nilsson <mansaxel@besserwisser.org> wrote:

>> I'll defer to other people, but it seems to me that anything that depends on
>> recursive DNS servers being updated isn't a realistic solution.  We're still
>> waiting for DNSSEC, after all.
> 
> Be as pessimistic as you like, but in Sweden, more than 80% of the ISP
> resolvers validate. The DNS can change, at a sometimes glacial speed,
> but it does change.

According to https://ithi.research.icann.org/graph-m5.html, the worldwide fraction of public DNS that performs DNSSEC validation is about 25%.

--Christian Huitema