Re: snarls in real life

Bron Gondwana <> Thu, 22 April 2021 01:00 UTC

List-Id: IETF-Discussion <>

On Thu, Apr 22, 2021, at 10:23, Viktor Dukhovni wrote:
> > Also, I suspect that the content of your zone is managed by... you.
> The zone content is largely irrelevant for signing, DNSSEC signing
> just covers whatever is found in the zone.

This assumes that the zone is a static, serialisable beast which doesn't have different content depending on whether you look at it funny (or from a different geoip region, and that there's no eventual consistency happening underneath).

> I am suggesting that Google can easily do DNSSEC for, they likely
> face non-trivial adoption barriers with global DNSSEC load-balancing, and
> other specialised tech.  I am just saying the old excuses are tired out, we
> can and should move on.

I'm liking the "actually, we are the protocol police" more and more.  If people aren't compelled to implement something, then it's not offering them enough value.  But you know - maybe if they say "we don't want to because reasons", telling them "your excuses are tired" won't persuade.  We can only really move on if we bring the world with us.


  Bron Gondwana, CEO, Fastmail Pty Ltd