IETF Logo Mail Archive

Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

Paul Vixie <paul@redbarn.org> Mon, 14 August 2017 21:32 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E98B113243E for <dnsop@ietfa.amsl.com>; Mon, 14 Aug 2017 14:32:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wPsTQ7G8603Z for <dnsop@ietfa.amsl.com>; Mon, 14 Aug 2017 14:32:10 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 247D013243A for <dnsop@ietf.org>; Mon, 14 Aug 2017 14:32:10 -0700 (PDT)
Received: from [10.1.7.203] (63-158-87-14.dia.static.qwest.net [63.158.87.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id CDCB861FF3; Mon, 14 Aug 2017 21:32:08 +0000 (UTC)
Message-ID: <599216D2.8060608@redbarn.org>
Date: Mon, 14 Aug 2017 14:32:02 -0700
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.16 (Windows/20170718)
MIME-Version: 1.0
To: Lanlan Pan <abbypan@gmail.com>
CC: dnsop <dnsop@ietf.org>
References: <149908054910.760.8140876567010458934.idtracker@ietfa.amsl.com> <CAAiTEH8ntOerB6MGKMS2xcCK3TL9n4fyLq6F+bpUY6oTUpWN8w@mail.gmail.com> <CANLjSvWOzaJcVL64BhNFKnTUEgfq06TQtoy=ZNJ_JafvPU1aSA@mail.gmail.com> <1659363.yAWSxLQAC2@tums.local> <CANLjSvUkoYt1LXwVQ90MVej6mwOg4Q_2=PT=+Rwrf=8k5WAaRA@mail.gmail.com>
In-Reply-To: <CANLjSvUkoYt1LXwVQ90MVej6mwOg4Q_2=PT=+Rwrf=8k5WAaRA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/xTjcF0mbCiHtF3lsNXepohrAsOM>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 21:32:12 -0000

WG Chairs: i oppose adoption of this draft.

Lanlan Pan wrote:
> Hi Paul,
>
> ...

tl;dr: this message marks the end of this thread from my side.

> I think, SWILD has no influence on DNSSEC deployment : 1) If
> recursive wants to deploy DNSSEC, it is almost impossible because of
> NSEC/NSEC3 aggressiveuse Wildcards. *Security need is the greatest
> motivation behind DNSSEC depolyment.* 2) If recursive doesn't want
> to deploy DNSSEC, it is almost impossible because of SWILD. Imagine
> that, there is no SWILD to give precise subdomain wildcard
> information from authoritative, recursive can use random subdomain
> detect method to make cache optimization, which was described in DNS
> Noise: Measuring the Pervasiveness of Disposable Domains in Modern
> DNS Traffic
> <http://astrolavos.gatech.edu/articles/dnsnoise-dsn2014.pdf>.

Mr. Pan, your words above are a striking example of absurd reduction, 
which through a series of difficult-to-assail false equivalencies, an 
outcome unacceptable to your correspondent may begin to "look good on 
paper".

Proof of this can by found by trying to reason your way to the 
conclusion you are offering, by any other path. You'll find this 
difficult, since the likelihood of someone deploying DNSSEC if it has no 
compelling features is lower, and aggressive negative caching with or 
without a wildcard is a feature of both DNSSEC and SWILD.

In any case I find that you are arguing in bad faith, starting from your 
desire and then finding ways to justify it, rather than starting from 
the facts and finding out where those lead to. I won't play along any 
further. For your possible use, see these words from the NY Times 
opinion pages, published a day or so ago:

<<What becomes clear to anyone following the climate debate, however, is 
that hardly any climate skeptics are in fact trying to get at the truth. 
I’m not a climate scientist, but I do know what bogus arguments look 
like — and I can’t think of a single prominent climate skeptic who isn’t 
obviously arguing in bad faith.

Take, for example, all the people who seized on the fact that 1998 was 
an unusually warm year to claim that global warming stopped 20 years ago 
— as if one unseasonably hot day in May proves that summer is a myth. Or 
all the people who cited out-of-context quotes from climate researchers 
as evidence of a vast scientific conspiracy.>>

-- 
P Vixie

v2.23.0 | Report a Bug | By Email