Re: [DNSOP] DNSng-ish (was Re: key lengths for DNSSEC)
Phillip Hallam-Baker <hallam@gmail.com> Thu, 03 April 2014 11:37 UTC
To: Andrew Sullivan <ajs@anvilwalrusden.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/lWA9kDSCRFd6uH1YsQj80B5i-0Y
Cc: "dnsop@ietf.org" <dnsop@ietf.org>

On Wed, Apr 2, 2014 at 11:24 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote:

> On Wed, Apr 2, 2014 at 10:48 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>
>> On Wed, Apr 02, 2014 at 09:07:07PM -0400, Phillip Hallam-Baker wrote:
>> > 1) Client -> Resolver
>>
>> > Changing 1 is the easiest and also the part that is most in need.
>>
>> From where I sit, that project appears to reduce to roughly "upgrade
>> all the computers on Earth." It may be that we do not have a common
>> meaning of "easiest". Perhaps you could say more.
>
> Nope, just the gateway devices and the main DNS servers.
>
> Legacy DNS over raw UDP will be around for decades to come. But DNS over a
> privacy protected transport is quite viable.
>
> The privacy issues are most acute at the network gateway device, the
> firewall or the WiFi router.
>
> Privacy protection plus anti-censorship protection is in big demand right
> now.

Since we have essentially zero DNSSEC stub clients in operation and 100% of those that are in use are being deployed by aggressive early adopters, deployment in the stub client -> recursive loop is actually quite easy.

What we can't do is to break legacy DNS without DNSSEC. That is the deployment scenario that is beyond redemption.

--
Website: http://hallambaker.com/