Patrik,

On Apr 15, 2012, at 10:19 AM, Patrik Fältström wrote:
> I.e. with the help of standardized NTAs, it will be easier for parties to
> always be able to give back responses, regardless of whether they validate or
> not.

Or, more specifically, will be easier for parties to give back the same responses that their (non-validating) competitors do.

> In Sweden, for some reason, we managed to get people to deploy validators
> without being afraid of the risk of being blamed.

I'm guessing the reason has to do with scale. It might be helpful to get an idea from ISPs in Sweden how many validation failures they have seen (and how many calls they get as a result of those validation failures). Given the lack of signed zones, I'm guessing the number of validation failures is in the noise. It's only when you get a lot of (popular) zones signed and a lot of people behind validators that false positive validation failure becomes an issue.

> I think one thing it can help with is to make it more understandable to /.
> people who is to blame for the inability to reach whatever is to be reached.

I don't think /. folks are significant in the decision making. I suspect what is more significant are the number of paying customers impacted by validation failure.

> Or let me ask you differently, if many access providers and not only Comcast
> started to do validation at the same time, would we be in a different
> situation?

Potentially. However, I suspect it has more to do with the number of false positives caused by the relative immaturity of the available tools. As the tools get more mature and validation failures become caused more by malicious intent than all too easily caused mistakes, the desire for NTAs will wane (particularly given the implicit risks an ISP takes on when deploying an NTA).

Regards,
-drc
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop