On Fri, Dec 20, 2024 at 08:49:09AM UTC, Bill Woodcock wrote:
Our protocol mechanisms should be able to address all possible use cases
deployed in the field, not a subset.
I agree with Shumon. These are both common use-cases, particularly the latter,
and multi-signer mechanisms must accommodate them if they’re to be relevant.
To be relevant for what? It seems that people have forgotten that voluntary
standards don't have a way to force people to make implementations the way one
might prefer they be made. Moreover (and perhaps most relevant to the case
that kicked off this thread), it is entirely possible that an implementation
nominally supports a given deoployment model, but the code path is badly enough
tested that a responsible operator might choose not to rely on that code.
It is unfortunate that DNSSEC has demonstrated itself to be awfully complicated
in ways many people are not prepared for, and perhaps more unfortunate that at
some stages of the protocol's development there were people pushing for simpler
or more familiar modes of operation and they were dismissed (at least, that's
the way I remember a couple of events). But it's the protocol that we got, and
I think therefore that people are going to have to acknowledge, as Joe Abley
did earlier in the thread, that operators will sometimes choose modes of
operation that the rest of us wish they would not, just because those are valid
alternatives under the protocol. If that's unacceptable, then it would seem to
me the protocol would need an update, and I don't see anyone clamouring for
that.
Best regards,
A
--
Andrew Sullivan
a...@anvilwalrusden.com
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
