Re: [DNSOP] the root is not special, everybody please stop obsessing over it
Paul Vixie <paul@redbarn.org> Fri, 15 February 2019 01:51 UTC
Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D92A0128CF3 for <dnsop@ietfa.amsl.com>; Thu, 14 Feb 2019 17:51:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aSKcaaxZ5blu for <dnsop@ietfa.amsl.com>; Thu, 14 Feb 2019 17:51:46 -0800 (PST)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A190126C15 for <dnsop@ietf.org>; Thu, 14 Feb 2019 17:51:46 -0800 (PST)
Received: from [IPv6:2001:559:8000:c9:b448:8ed0:27c1:2c1b] (unknown [IPv6:2001:559:8000:c9:b448:8ed0:27c1:2c1b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id D22B6892C6; Fri, 15 Feb 2019 01:51:45 +0000 (UTC)
To: william manning <chinese.apricot@gmail.com>
Cc: Evan Hunt <each@isc.org>, IETF DNSOP WG <dnsop@ietf.org>
References: <b45edb5e-1508-0b02-a14c-a5be4ca9c0e6@redbarn.org> <20190214235614.GB87001@isc.org> <6c3d6894-c584-c4fd-d09e-55903b34bead@redbarn.org> <CACfw2hiH5pS1wL+MKCq6-vYZS2sQ562Ke-2unC7zV1KQMPJybw@mail.gmail.com>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <c54c48aa-1c75-7b72-2b52-3583e0e803ed@redbarn.org>
Date: Thu, 14 Feb 2019 17:51:45 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 PostboxApp/6.1.10
MIME-Version: 1.0
In-Reply-To: <CACfw2hiH5pS1wL+MKCq6-vYZS2sQ562Ke-2unC7zV1KQMPJybw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tFD1FMWDYimv6vJ48gnoXztMR_Y>
Subject: Re: [DNSOP] the root is not special, everybody please stop obsessing over it
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 01:51:48 -0000
william manning wrote on 2019-02-14 17:35: > so, you would like the DNS to be resilient enough to "see" what was > topologically reachable and build a connected graph of those assets? no. that's not possible, and not desireable in any case. > I think that has been done, both academically and in a more limited way, > commercially, but its not called DNS so as not to upset the DNS mafia. > Or do you want something more restrictive than that? i want the metadata i need to reach and trust assets on my side of any connectivity loss event, to be kept in warm storage, and made subject to trusted invalidation on an opportunistic basis, at the discretion of the authority operators who own the data i have warm copies of. in practice this means DS/NS and DNSKEY/RRSIG and AAAA/A from my static trust anchor(s) down to any data i used recently or frequently (or by some other priority scheme), and i want it to look a bit like the single transaction mode of IXFR plus the single transaction mode of NOTIFY. no topology information as to actual connectivity will be modeled or estimated or needed. what matters is whether i can still reach all internet resources on my side of a break in connectivity (whether local or regional or distant), without needing any information that's otherwise only available on the far side of the connectivity break. thanks for asking; i am happy to clarify. DNS infrastructure should not be centralized, even if its content remains centrally coordinated by ICANN. (block chain people keep telling me that ICANN will be obsolete, but i'm not taking a position on that, only on data resiliency.) -- P Vixie
- [DNSOP] the root is not special, everybody please… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Mark Andrews
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… william manning
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Grant Taylor
- Re: [DNSOP] the root is not special, everybody pl… william manning
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] the root is not special, everybody pl… Evan Hunt
- Re: [DNSOP] the root is not special, everybody pl… David Conrad
- Re: [DNSOP] the root is not special, everybody pl… Tony Finch
- Re: [DNSOP] the root is not special, everybody pl… Stephane Bortzmeyer
- Re: [DNSOP] the root is not special, everybody pl… Bob Harold
- [DNSOP] Making domains work even when connectivit… Stephane Bortzmeyer
- Re: [DNSOP] the root is not special, everybody pl… Paul Vixie
- Re: [DNSOP] Making domains work even when connect… Paul Vixie
- Re: [DNSOP] Making domains work even when connect… william manning