Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

Paul Vixie <> Mon, 15 July 2019 01:34 UTC

From: Paul Vixie <>
Cc: Rob Sayre <>
Date: Mon, 15 Jul 2019 01:34:23 +0000
Message-ID: <4966582.gC1Lsr5W4Z@linux-9daj>

On Sunday, 14 July 2019 23:09:00 UTC Rob Sayre wrote:
> Paul Vixie wrote:
> > ...
> Was DNS intentionally designed to be insecure?

no. nor ip itself, or ncp which preceded it, or tcp, or udp, or icmp, or smtp,
or http. it was insecure because it evolved in a safe, germ-free academic
bubble. absolutely none of it was designed with billions of people in mind, or
the full cross section of humanity which would include criminals and national
intelligence services. the world of the internet in 2019 would have been seen
as a total freak show by the community who deployed dns in the 1980's.

nothing that can be abused won't be. you may or may not believe this; it's 
considered controversial, and there are arguments being had about it today.

but no one considered that now-controversial near-truism at all when the core
internet protocols were first designed and implemented. the idea of abuse was
considered novel in the 1990's when commercialization and privatization
brought abuse into the internet world and burst the academic bubble. a lot of
old-timers blamed AOL and MSN and even Usenet for the problems, but in
actuality, it's what humans _always_ do at scale. putting the full spectrum of
human culture atop a technology platform designed for academic and
professional culture should have been understood to be a recipe for disaster.