Re: [DNSOP] SIG(0) useful (and used?)

Tom Pusateri <pusateri@bangj.com> Wed, 20 June 2018 20:06 UTC

From: Tom Pusateri <pusateri@bangj.com>
In-Reply-To: <96026eab-dc48-e814-a21c-85a5acdcb679@time-travellers.org>
Date: Wed, 20 Jun 2018 16:06:43 -0400
Cc: dnsop@ietf.org
Message-Id: <4127523D-D730-4DD0-BA6A-64FF906CD342@bangj.com>
References: <6C8533C2-6510-4A0E-A7EA-50EB83E43A7D@isc.org> <96026eab-dc48-e814-a21c-85a5acdcb679@time-travellers.org>
To: Shane Kerr <shane@time-travellers.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/a619V5BpuFVvTHRfCfyEWUWXock>
Subject: Re: [DNSOP] SIG(0) useful (and used?)


> On Jun 20, 2018, at 3:23 PM, Shane Kerr <shane@time-travellers.org> wrote:
> 
> Ondřej,
> 
> Ondřej Surý:
>> as far as I could find on the Internet there are only SIG(0) implementations in a handful of DNS implementations - BIND, the Net_DNS2 PHP library, the Net::DNS(::Sec) Perl library, trust_dns written in Rust and perhaps others I haven’t found; no mention of real deployment was found over the Internet (but you can blame Google for that)...
>> 
>> Do people think SIG(0) is something that we should keep in DNS and that it will be used in the future, or is it a good candidate for throwing off the boat?
> 
> My guess is that any time you ask this working group if a feature is
> important in DNS, the answer will be "yes", even if not a single system
> is using it anywhere on the Internet and beyond.
> 
> I wonder if there is any metric that dnsop would agree on to determine
> whether a DNS feature is useful or not?
> 
> Cheers,
> 
> —
> Shane

To be fair, he asked if it would be used in the future and that’s hard to measure. But given that the community hasn’t concentrated on security as much in the past as it will in the future, it seems that throwing security measures off the boat is premature.

Tom