William,

On Jul 8, 2014, at 7:28 AM, William F. Maton Sotomayor <wma...@ottix.net> wrote:
> How can I as a user ensure that what Google does in the name of moi, can be
> verified to be an untampered copy of the root zone?

The same way you can do so now: you validate the response yourself.

> How do I know if my ISP, etc. are running a local copy of the zone?

Assuming they don't tell you, perhaps reduced latency, particularly in non-existent TLD cases.

> Can I call RSACC to complain about an outage?

Heh.

> BCP or informational (cautionary tales)?

Personally, I'd prefer informational until there is more publicly discussed deployment experience. There are undoubtedly quirks, tricks, and gotchas that will come out as people discuss what they've been doing more publicly. Perhaps a second iteration would fit into BCP.

> I see mentions of 'Resolution Provider'. Is this a BCP for only them, or can
> anyone join the local auth zone party at their own risk/pleasure, at which
> point it's informational or still BCP? What is the litmus test?

I'm not sure there can be a litmus test. What's being discussed is a technique anyone running a resolver can implement. It's not like an informational RFC or BCP on the topic would be creating a new capability. It would, as Ralf points out, be documenting an existing practice.

> There were good intentions behind the Cymru bogon list. Every once in a
> while, we start to see complaints of former bogons being unreachable because
> they're no longer bogons. Is there a similar risk for that here and should
> it be identified?

Isn't this a variation of the "stale data" problem? In the worst case (where a resolution provider does not refresh), you can always point to a different resolution provider (or do it yourself).

Regards,
-drc
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop