Re: Proposed DNSSEC Plenary Experiment for IETF 74

Stephane Bortzmeyer <bortzmeyer@nic.fr> Fri, 28 November 2008 09:45 UTC

On Thu, Nov 27, 2008 at 07:49:13PM +0000,
 Matthew Ford <ford@isoc.org> wrote 
 a message of 13 lines which said:

> After all the years of FUD surrounding DNSSEC deployment, I feel
> quite strongly that having the IETF do as you suggested and then be
> able to point to 'no discernible impact' on the network would be a
> significant milestone.

That would prove nothing: failures with DNSSEC do not happen every
day. Signatures expire, people stop signing without telling the parent
zone, keys roll over, but it may not happen during these few days.

You see the actual problems with DNSSEC (which are *not* FUD) when you
run it every day, for several months. 

<flame>Read the pro-DNSSEC responses to the US government's survey
<http://www.ntia.doc.gov/dns/dnssec.html> and see how many of these
people who tell Obama to sign, signed their zone themselves.</flame>

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
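
Added example, not part of the original message: a Python check for the three failure modes the message names (expired signatures, a zone that stops signing while the parent still publishes a DS, and a key rollover the parent never learns of), meant to be run daily rather than during a short trial. The function name, the 7-day warning window and all records are constructed assumptions; matching on key tags is a simplification that does not verify the DS digest or the signatures themselves.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample answers in dig presentation format (not real zone data).
PARENT_DS = "example.org. 86400 IN DS 11111 5 1 0123ABCD"
CHILD_SIGNED = """\
example.org. 3600 IN DNSKEY 257 3 5 Y29uc3RydWN0ZWQ=
example.org. 3600 IN RRSIG DNSKEY 5 2 3600 20081220000000 20081120000000 11111 example.org. c2ln
example.org. 3600 IN RRSIG A 5 2 3600 20081201000000 20081101000000 22222 example.org. c2ln"""
CHILD_ROLLED = CHILD_SIGNED.replace(" 11111 ", " 33333 ")  # new KSK, DS never updated
CHILD_UNSIGNED = "example.org. 3600 IN A 192.0.2.1"        # signing silently stopped

def parse_time(s):
    # RRSIG expiration in presentation format is YYYYMMDDHHmmSS in UTC (RFC 4034).
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def check_delegation(parent_answer, child_answer, now, warn=timedelta(days=7)):
    """Return findings for one delegation: DS seen at the parent vs. child records."""
    ds_tags, rrsigs, has_dnskey = set(), [], False
    for line in (parent_answer + "\n" + child_answer).splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        if f[3] == "DS":
            ds_tags.add(int(f[4]))                      # key tag the parent vouches for
        elif f[3] == "DNSKEY":
            has_dnskey = True
        elif f[3] == "RRSIG" and len(f) >= 12:
            # (type covered, expiration, key tag of the signing key)
            rrsigs.append((f[4], parse_time(f[8]), int(f[10])))
    if ds_tags and not (has_dnskey and rrsigs):
        return ["parent has DS but child is unsigned"]
    findings = []
    for covered, expires, _tag in rrsigs:
        if expires <= now:
            findings.append(f"RRSIG({covered}) expired")
        elif expires - now <= warn:
            findings.append(f"RRSIG({covered}) expires within {warn.days} days")
    dnskey_signers = {tag for covered, _exp, tag in rrsigs if covered == "DNSKEY"}
    if ds_tags and not (ds_tags & dnskey_signers):
        findings.append("no DS key tag matches a key signing the DNSKEY RRset")
    return findings

if __name__ == "__main__":
    now = datetime(2008, 11, 28, 9, 45, tzinfo=timezone.utc)
    for label, child in [("signed", CHILD_SIGNED), ("rolled", CHILD_ROLLED),
                         ("unsigned", CHILD_UNSIGNED)]:
        print(label, check_delegation(PARENT_DS, child, now))
```

In production the two answers would come from querying the parent's servers for DS and the child's servers for DNSKEY with DNSSEC records requested, and a validating resolver remains the authority on whether the chain actually verifies.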