Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

"John R Levine" <johnl@taugh.com> Mon, 30 July 2018 15:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jqMXs5QlGaDEYu3MdGKnkZnevV4>

On Mon, 30 Jul 2018, Ondřej Surý wrote:
> I know some people have 40Gbps at mother's house, but for general usefulness you want to prevent downloading a fake (or otherwise invalid) zone before you start downloading it.

This feels like what we call in the US moving the goalposts.

How do you know now that an AXFR isn't going to contain a gigabyte of 
malware, other than hoping that the other end is trustworthy? 
Personally, I download Linux files by BitTorrent without worrying about 
it, even though I am aware that there are copyright trolls who seed 
"unauthorized" copies of dirty movies and send out mass infringement 
threats.  How you download and how you verify are separate questions.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly