--- Begin Message ---
That all sounds about right to me, too.

I don’t remember ever yelling into a microphone at an IETF, but I do remember 
signing all of .com (without NSEC3) in the span of an hour-long dnsext meeting, 
to show that it was possible with affordable hardware in a reasonable amount of 
time.

Brian

> On Apr 14, 2021, at 6:49 AM, Edward Lewis <edward.le...@icann.org> wrote:
> 
> On 4/13/21, 7:38 PM, "dns-operations on behalf of Andrew Sullivan" 
> <dns-operations-boun...@dns-oarc.net on behalf of a...@anvilwalrusden.com> 
> wrote:
> 
> 
>> Maybe some others have a different memory of this, though?
> 
> I agree with that re-telling.
> 
> The idea of an opt-out/in existed prior to NSEC3, it was even implemented in 
> experimental code but never released because the IETF didn't approve of it.  
> (I wasn't involved in that, but I knew of it.)
> 
> When I wrote the first signer (1997 or so), COM was too large to be done, 
> much larger than any other zone even then, for the equipment available to me.
> I managed to sign it by doing it in pieces.  While developing the protocol,
> we didn't want to treat any zone or even any kind of zone 
> ("widely-delegated") as a special case.  That probably (as I wasn't working 
> on it myself) led to the opt-out later on.
> 
> A while back I asked some involved in the NSEC3 development if they felt all 
> the effort was worth it.  The answer was yes, it got DNSSEC past the privacy 
> concerns, rightly or wrongly (doesn't matter) and into operations.  The 
> context of my question was the growing revelations of code to reverse
> engineer the name chain.
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



--- End Message ---