Re: DNSSEC

Donald Eastlake <d3e3e3@gmail.com> Tue, 31 August 2010 15:44 UTC

To: Phillip Hallam-Baker <hallam@gmail.com>
Cc: ietf@ietf.org

Hi Phil,

On Tue, Aug 31, 2010 at 11:02 AM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
> Whether or not the IAB zone is signed is of negligible consequence.
>
> But the fact that the IAB zone signatures had expired is a highly
> significant data point: DNSSEC administration is not quite as easy as
> some of the glib claims of its more enthusiastic supporters would lead
> one to believe.

Sounds like a straw man to me. Can you provide a pointer to some of
these glib claims?

For years I have been hearing, correctly I believe, that lack of
logistical and administrative tools and support for DNSSEC was the
main problem slowing deployment. Recent developments like RFC 5011
(Automated Updates of DNS Security (DNSSEC) Trust Anchors) have
improved things a lot. And, as an original architect of DNSSEC, I
admit that the early proposal set was deficient in this area.

Donald

> On Tue, Aug 31, 2010 at 10:36 AM, Glen Barney (AMS) <glen@amsl.com> wrote:
>> Community -
>>
>> The DNS zone files have been re-signed, and we will look into alternatives to
>> the original DNSSEC tools that were in use (which seem to be broken.)
>>
>> And just a reminder that, while posting complaints to this list might feel
>> more therapeutic, the secretariat has an address set up for trouble reports,
>> which is ietf-action@ietf.org .  Sending complaints to that address will
>> generally get much faster results.
>>
>> Thank you!
>>
>> Glen
>> Glen Barney
>> IT Director
>> AMS (IETF Secretariat)