Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

Nicholas Weaver <nweaver@icsi.berkeley.edu> Wed, 16 February 2011 17:39 UTC

From: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Date: Wed, 16 Feb 2011 09:39:33 -0800
To: Lawrence Conroy <lconroy@insensate.co.uk>
Cc: dnsext@ietf.org
Subject: Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

On Feb 16, 2011, at 9:23 AM, Lawrence Conroy wrote:
> 
> To which I reply:
>  In principle, universal solutions trump narrow solutions that cover fewer use cases.
> BUT ...
>  So far, this thread has touched on/drifted towards VERY difficult problems, with
> alleged combinatorial explosions and other evils.
> 
> Vaggelis seemed to suggest that those allegations might not be important in practice.
> Almost all registries will have rules on bundling and mapping. Thus one may not need
> to "solve for infinity" to reach a solution that covers many or even most cases.
> His comment appeared reasonable (to me :), in rebutting allegations of impossibility.

One stupid observation:  Combinatorial explosion, if the protocol is done right, should not be a problem even in the 'solve for near infinity' case:

The effect on resolvers/caches is effectively nonexistent: they only need to store the actual instances queried for.


The effect on authorities is harder, but still not that hard IF the authority can dynamically generate the needed translations on the fly.

Thus the CNAME+DNAME style of aliasing, should one finally be settled on (x.y -> r.s AND *.x.y -> *.r.s), is a sufficient mechanism if the authorities who want the combinatorial explosion case can use code to synthesize (x'.y' -> r.s) plus the associated RRSIGs on the fly.


Thus I'll argue that any solution SHOULD support the 'solve for infinity' case.  There is no real reason not to.
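
An added illustration of the argument above (not part of the original message, and not code from any DNS implementation): an authority stores one entry per bundle and synthesizes the CNAME/DNAME alias only for the variant actually queried, so the number of possible variants never has to be enumerated. The variant classes, the zone entry and all function names are constructed for this sketch; the on-the-fly RRSIG generation the message mentions is not shown.

```python
from math import prod

# Constructed variant classes: characters a registry might bundle as "the same".
CLASSES = [set("o0"), set("l1i"), set("e3"), set("a4")]
CANON = {ch: min(cls) for cls in CLASSES for ch in cls}
SIZE = {ch: len(cls) for cls in CLASSES for ch in cls}

def canon(name):
    """Fold every character of a name to its class representative."""
    return "".join(CANON.get(ch, ch) for ch in name.lower().rstrip("."))

def variant_count(name):
    """How many distinct names fold to the same canonical form."""
    return prod(SIZE.get(ch, 1) for ch in name.lower().rstrip("."))

# Hypothetical zone content: ONE entry per bundle, keyed by canonical form.
# The target "r.s." follows the notation used in the message.
BUNDLES = {canon("hello.example"): "r.s."}

def synthesize(qname):
    """Return the alias records generated for this single query."""
    labels = qname.lower().rstrip(".").split(".")
    fqdn = ".".join(labels) + "."
    # Try the full name first, then successively shorter suffixes.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        target = BUNDLES.get(canon(suffix))
        if target is None:
            continue
        if i == 0:
            # x'.y' -> r.s
            return [(fqdn, "CNAME", target)]
        # *.x'.y' -> *.r.s: DNAME at the variant plus the CNAME it implies
        prefix = ".".join(labels[:i])
        return [(suffix + ".", "DNAME", target),
                (fqdn, "CNAME", prefix + "." + target)]
    return []  # not a variant of any bundle: answer as the zone normally would

if __name__ == "__main__":
    print(variant_count("hello.example"), "variants, 1 stored entry")
    for q in ("he11o.examp1e.", "www.H3LLO.example", "other.example"):
        print(q, "->", synthesize(q))
```

A resolver that asks for `he11o.examp1e.` caches only that one synthesized CNAME, which is the "actual instances queried for" point made above.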
