Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex

Joe Abley <jabley@hopcount.ca> Sun, 24 June 2018 03:06 UTC

From: Joe Abley <jabley@hopcount.ca>
Mime-Version: 1.0 (1.0)
References: <b73f3dc7-b378-d5d8-c7a2-42bc4326fbae@nic.cz> <alpine.DEB.2.11.1806191428250.916@grey.csi.cam.ac.uk> <CAJhMdTO2kj+nUqESg3ew=wwZuB9OzkJE6pST=mae7pHiEk4-Qw@mail.gmail.com> <20180623210416.GA12346@mournblade.imrryr.org> <CAJhMdTNzOUSjTmnorzrJze9F7Gcc+eWAjqii_4uJ4UmJPvQC-Q@mail.gmail.com> <5B2F05AE.3060306@redbarn.org>
In-Reply-To: <5B2F05AE.3060306@redbarn.org>
Date: Sat, 23 Jun 2018 20:06:03 -0700
Message-ID: <CAJhMdTNzvQe3=vrRODYTrfr7JEfqU9R0QBf9o=P2BMBhJdxrJA@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: dnsop@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qfjF-GOmTWg3gMWqHJoIUEdsVhk>
Subject: Re: [DNSOP] abandoning ANAME and standardizing CNAME at apex
Precedence: list

On Jun 23, 2018, at 22:45, Paul Vixie <paul@redbarn.org> wrote:

> Joe Abley wrote:
>> I think a pragmatic solution needs to work in unsigned zones.
>>
>> ...
>
> can someone ask the IAB to rule on whether any new internet technology standard should address unsigned DNS zones, or for that matter, IPv4 networks?
>
> "let's move on."

I agree with the sentiment, but in practical terms in 2018 I think
this is just a recipe for more DNS extensions without standardisation,
which will not help customers who want diversity in providers or who
want to be able to switch providers easily.

To the example at hand, enterprise DNS providers have already
implemented XNAME-like functionality in unsigned zones and and are
selling it. If they can't easily support a standardised mechanism,
they're going to carry on selling what they have.

These response-time tricks that need response-time signing or
pre-computation of signatures across a full set of possible responses
are used by a lot of high-traffic zones and there's significant money
and competition all around it. I don't think that ecosystem is highly
motivated by the opinions of the IAB, and so the pragmatic result of
such a (perfectly reasonable and architecturally progressive)
statement would be to hamstring the working group, not to make the
deployed system better.

If there was a visible horizon where DNSSEC was in widespread demand
and a zone being unsigned was unusual, I would think differently.

Joe

Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… Joe Abley
Re: [DNSOP] faux BNAME, was abandoning ANAME and … John Levine
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… John Levine
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… Ray Bellis
Re: [DNSOP] abandoning ANAME and standardizing CN… Jan Včelák
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Ebersman
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… David Conrad
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Ray Bellis
Re: [DNSOP] abandoning ANAME and standardizing CN… Ondřej Surý
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Wouters
Re: [DNSOP] abandoning ANAME and standardizing CN… Matthew Pounsett
Re: [DNSOP] abandoning ANAME and standardizing CN… Joe Abley
Re: [DNSOP] abandoning ANAME and standardizing CN… John Levine
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Colm MacCárthaigh
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Anthony Eden
Re: [DNSOP] abandoning ANAME and standardizing CN… Erik Nygren
Re: [DNSOP] abandoning ANAME and standardizing CN… Ray Bellis
Re: [DNSOP] abandoning ANAME and standardizing CN… Jared Mauch
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Wouters
Re: [DNSOP] abandoning ANAME and standardizing CN… Ray Bellis
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Joe Abley
Re: [DNSOP] abandoning ANAME and standardizing CN… Lanlan Pan
Re: [DNSOP] abandoning ANAME and standardizing CN… tjw ietf
Re: [DNSOP] abandoning ANAME and standardizing CN… Colm MacCárthaigh
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
[DNSOP] abandoning ANAME and standardizing CNAME … Petr Špaček
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Ray Bellis
Re: [DNSOP] abandoning ANAME and standardizing CN… Viktor Dukhovni
Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… Joe Abley
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Shumon Huque
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Joe Abley
Re: [DNSOP] abandoning ANAME and standardizing CN… Viktor Dukhovni
Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… 神明達哉
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Shumon Huque
Re: [DNSOP] abandoning ANAME and standardizing CN… Warren Kumari
Re: [DNSOP] abandoning ANAME and standardizing CN… John R Levine
Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… Lanlan Pan
Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… John R Levine
Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… Warren Kumari
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman
Re: [DNSOP] Creating a query/record for A and AAAA Paul Vixie
Re: [DNSOP] Creating a query/record for A and AAAA Michael Sheldon
Re: [DNSOP] Creating a query/record for A and AAAA Paul Vixie
[DNSOP] Creating a query/record for A and AAAA Michael Sheldon
Re: [DNSOP] Creating a query/record for A and AAAA Paul Wouters
Re: [DNSOP] Creating a query/record for A and AAAA Mark Andrews
Re: [DNSOP] Creating a query/record for A and AAAA Tony Finch
Re: [DNSOP] Creating a query/record for A and AAAA Ondřej Surý
Re: [DNSOP] Creating a query/record for A and AAAA Jared Mauch
Re: [DNSOP] Creating a query/record for A and AAAA Paul Wouters
Re: [DNSOP] Creating a query/record for A and AAAA Ray Bellis
Re: [DNSOP] Creating a query/record for A and AAAA Ray Bellis
Re: [DNSOP] Creating a query/record for A and AAAA Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Tim Wicinski
Re: [DNSOP] abandoning ANAME and standardizing CN… Brian Dickson
Re: [DNSOP] abandoning ANAME and standardizing CN… Tony Finch
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Hoffman
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Matthijs Mekking
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman
Re: [DNSOP] abandoning ANAME and standardizing CN… Paul Vixie
Re: [DNSOP] abandoning ANAME and standardizing CN… Dan York
Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… Stephane Bortzmeyer
Re: [DNSOP] abandoning ANAME and standardizing CN… Stephane Bortzmeyer
Re: [DNSOP] abandoning ANAME and standardizing CN… Ray Bellis
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman
Re: [DNSOP] abandoning ANAME and standardizing CN… Ray Bellis
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman
Re: [DNSOP] abandoning ANAME and standardizing CN… Petr Špaček
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman
Re: [DNSOP] abandoning ANAME and standardizing CN… Evan Hunt
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… JW
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… Petr Špaček
Re: [DNSOP] abandoning ANAME and standardizing CN… Stephane Bortzmeyer
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman
Re: [DNSOP] abandoning ANAME and standardizing CN… Mark Andrews
Re: [DNSOP] abandoning ANAME and standardizing CN… Petr Špaček
Re: [DNSOP] abandoning ANAME and standardizing CN… Mukund Sivaraman