Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)
Florian Weimer <fw@deneb.enyo.de> Sun, 16 November 2008 22:00 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C3C543A6949; Sun, 16 Nov 2008 14:00:04 -0800 (PST)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 951DC3A6949 for <ietf@core3.amsl.com>; Sun, 16 Nov 2008 14:00:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[AWL=-0.048, BAYES_00=-2.599, HELO_EQ_DE=0.35, SARE_SUB_RAND_LETTRS4=0.799]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WsUd8AxVg189 for <ietf@core3.amsl.com>; Sun, 16 Nov 2008 13:59:59 -0800 (PST)
Received: from mail.enyo.de (mail.enyo.de [IPv6:2001:14b0:202:1::a7]) by core3.amsl.com (Postfix) with ESMTP id DBBAA3A6358 for <ietf@ietf.org>; Sun, 16 Nov 2008 13:59:58 -0800 (PST)
Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de) by mail.enyo.de with esmtp id 1L1peu-0001kv-NH; Sun, 16 Nov 2008 22:59:56 +0100
Received: from fw by deneb.enyo.de with local (Exim 4.69) (envelope-from <fw@deneb.enyo.de>) id 1L1peu-0004PN-98; Sun, 16 Nov 2008 22:59:56 +0100
From: Florian Weimer <fw@deneb.enyo.de>
To: Mark Andrews <Mark_Andrews@isc.org>
Subject: Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blacklists and Whitelists)
References: <200811162144.mAGLivi2082005@drugs.dv.isc.org>
Date: Sun, 16 Nov 2008 22:59:55 +0100
In-Reply-To: <200811162144.mAGLivi2082005@drugs.dv.isc.org> (Mark Andrews's message of "Mon, 17 Nov 2008 08:44:57 +1100")
Message-ID: <873ahrnxgk.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
* Mark Andrews: >> I didn't say it was a DNSSEC problem. I just wanted to note it's >> impossible to secure some existing DNSBL zones using DNSSEC without >> sacrificing some of the functionality which is mentioned in section >> 2.1 in the draft. > > I still don't believe your claim. I can't sign a thousand million RRsets and serve it in a DoS-resilient manner, even with John's partitioning idea (which is rather neat, thanks!). Macro expansion in the client brings down the number of RRsets to a challenging, but manageable level. Chris says there's precedent for that, so I think we can end this subthread (or move the discussion to some place where the topic of DNSSEC scalability would be more on-topic). _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Stephane Bortzmeyer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Stephane Bortzmeyer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John L
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Sam Hartman
- The purpose of a Last Call Dave CROCKER
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Otis
- Re: The purpose of a Last Call Pete Resnick
- Re: The purpose of a Last Call Sam Hartman
- Re: The purpose of a Last Call Leslie Daigle
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… ned+ietf
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Eric Rescorla
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steven M. Bellovin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Eric Rescorla
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Paul Hoffman
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Ewell
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- draft-irtf-asrg-bcp-blacklists John Leslie
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: draft-irtf-asrg-bcp-blacklists SM
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: draft-irtf-asrg-bcp-blacklists John Levine
- Re: draft-irtf-asrg-bcp-blacklists Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… David Conrad
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John C Klensin
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Matthias Leisi
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… michael.dillon
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Hansen
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steven M. Bellovin
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Matthias Leisi
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Livingood, Jason
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Dave CROCKER
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steve Linford
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… der Mouse
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tim Chown
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Theodore Tso
- RE: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… michael.dillon
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Steve Linford
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Lisa Dusseault
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Joe St Sauver
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Jamie Tomasello
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… der Mouse
- Re: draft-irtf-asrg-bcp-blacklists Rich Kulawiec
- IPv6 traffic stats (was: Re: Last Call: draft-irt… David Kessens
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Keith Moore
- Re: IPv6 traffic stats Harald Alvestrand
- Re: IPv6 traffic stats Turchanyi Geza
- Re: IPv6 traffic stats Harald Alvestrand
- Re: IPv6 traffic stats Marc Manthey
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… SM
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Andrew Sullivan
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats Harald Alvestrand
- RE: IPv6 traffic stats Hallam-Baker, Phillip
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Andrew Sullivan
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Tony Finch
- Re: IPv6 traffic stats Geoff Huston
- Re: IPv6 traffic stats Peter Sherbin
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Danny McPherson
- Re: IPv6 traffic stats Danny McPherson
- Re: IPv6 traffic stats Iljitsch van Beijnum
- Re: IPv6 traffic stats Iljitsch van Beijnum
- Re: IPv6 traffic stats (was: Re: Last Call: draft… David Kessens
- RE: IPv6 traffic stats TJ
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Danny McPherson
- Re: IPv6 traffic stats (was: Re: Last Call: draft… David Kessens
- Re: IPv6 traffic stats (was: Re: Last Call: draft… Olivier MJ Crepin-Leblond
- Re: IPv6 traffic stats - limitations of 6to4 Pekka Savola
- Re: IPv6 traffic stats Pekka Savola
- Re: IPv6 traffic stats - limitations of 6to4 Rémi Després
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Doug Otis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Chris Lewis
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… John Levine
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Florian Weimer
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-dnsbl (DNS Blackli… Mark Andrews
- Re: Last Call: draft-irtf-asrg-blinds (DNS Blackl… Chris Lewis