Re: [sunset4] future of dnssec?

Ca By <cb.list6@gmail.com> Wed, 22 February 2017 13:52 UTC


On Wed, Feb 22, 2017 at 4:23 AM Heatley, Nick <nick.heatley@ee.co.uk> wrote:

> Post exhaustion, the majority of cellular networks and some public wifi
> networks will use DNS64.
>
> DNSSEC and DNS64 do not get along. DNSSEC for “A records only” is broken.
>
> Is this the reason why all content must go v6?
>
> Or is the case for DNSSEC still questionable?
>

It is demonstrably true that the case for DNSSEC is questioned by smart
people.

Let's assume that dnssec adds value.


We cannot do any dnssec without EDNS0.

And, no mobile operating system I am aware of supports EDNS0.

So first, we need to solve the EDNS0 issue and the total lack of mobile end
point support.

Then, we may discuss how having ipv6 and aaaa is a requirement (thusly no
dns64) for dnssec to function correctly end to end.

> Or do end hosts need to perform DNS64 so “DNSSEC for A records only” can be
> intact?
>
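
The dependency discussed in this thread, as an added example that is not part of either message: the DNSSEC OK (DO) bit exists only inside the EDNS0 OPT record, and a validating DNS64 decides whether to synthesize AAAA records from the DO and CD bits of the query. Function names, the transaction id, the 1232-byte UDP size and the sample address are constructed for illustration; the policy is a simplified reading of RFC 6147 section 5.5.

```python
import ipaddress
import struct

DO_BIT = 0x8000  # RFC 3225: DNSSEC OK, top bit of the OPT record's flags
CD_BIT = 0x0010  # RFC 4035: Checking Disabled, in the DNS header flags
TYPE_AAAA, TYPE_OPT = 28, 41

def build_query(name, qtype, edns=False, do=False, cd=False):
    """Build a one-question query; EDNS0 appends an OPT record (RFC 6891)."""
    header = struct.pack("!6H", 0x1234, 0x0100 | (CD_BIT if cd else 0),
                         1, 0, 0, 1 if edns else 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!2H", qtype, 1)
    if edns:  # root name, TYPE, UDP size (constructed), flags in TTL, RDLEN
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232,
                                     DO_BIT if do else 0, 0)
    return msg  # without EDNS0 there is nowhere to put DO, so `do` is dropped

def skip_name(msg, pos):
    """Step over an uncompressed name (queries built here never compress)."""
    while msg[pos]:
        pos += 1 + msg[pos]
    return pos + 1

def query_bits(msg):
    """Return (has_edns0, do, cd) for a query such as build_query() emits."""
    _, flags, qd, _, _, ar = struct.unpack("!6H", msg[:12])
    pos, has_edns, do = 12, False, False
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # QTYPE + QCLASS
    for _ in range(ar):
        pos = skip_name(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == TYPE_OPT:
            has_edns, do = True, bool(ttl & DO_BIT)
    return has_edns, do, bool(flags & CD_BIT)

def dns64_policy(msg):
    """What a validating DNS64 may do with this query (RFC 6147, sec. 5.5)."""
    _, do, cd = query_bits(msg)
    if not do:
        return "synthesize"                # security-oblivious stub
    return "no-synthesis" if cd else "validate-then-synthesize"

def synthesize_aaaa(ipv4, prefix="64:ff9b::"):
    """Embed an IPv4 address in the RFC 6052 well-known /96 prefix."""
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address(prefix))
                                 | int(ipaddress.IPv4Address(ipv4)))
```

Running `query_bits` over queries captured from a client shows whether its stub resolver sends EDNS0 at all, which is the precondition the reply points to.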