On Thu, Mar 24, 2016 at 08:33:28AM +1000, George Michaelson wrote:
> Very strong +1. The % of incoming query with DO set is far, far higher
> than the % of incoming query seen at authority who subsequently ask
> for DS/DNSKEY at zone and parent. There is a good, strong indication
> that resolvers pass DO as a compile/run flag of capability to handle
> additional records in response, not as an indication of intent to
> perform any function using them.

I might feel more comfortable if the proposal required DO, but AFAICT it doesn't (I might have misread, of course. I found the I-D a little terse). If it does require DO, however, we're back to requiring EDNS0. In that case, we could just use an EDNS0-based signal.

As I think many here know, I am not of the get-off-my-lawn persuasion for DNS innovations. I don't think it's a bad idea in principle. I'm just aware that we have this long history, and that history was based on a certain kind of conservatism that is arguably appropriate to a technology quite as fundamental to the Internet functioning as the DNS is. If we're going to abandon that conservatism, I think it needs quite a lot more early IETF buy-in than we might get by developing this work here in DNSOP. The more signal we can get to suggest that DNS actors are ok with the innovation, the lower I think that bar gets.

Best regards,

A

--
Andrew Sullivan
a...@anvilwalrusden.com