Joe Abley wrote:
> On Jun 23, 2018, at 22:45, Paul Vixie <p...@redbarn.org> wrote:
>
>> Joe Abley wrote:
>>> I think a pragmatic solution needs to work in unsigned zones.
>>
>> ...
>>
>> can someone ask the IAB to rule on whether any new internet technology standard
>> should address unsigned DNS zones, or for that matter, IPv4 networks?
>>
>> "let's move on."
>
> I agree with the sentiment, but in practical terms in 2018 I think
> this is just a recipe for more DNS extensions without standardisation,
> which will not help customers who want diversity in providers or who
> want to be able to switch providers easily.

yes, i know, and i'm strangely OK with that. market chaos will be
painful, and could drive dnssec adoption, if the only standard way to
get some cool new thing is if you have an NSEC bitmap to work with.

we should have cut off EDNS-incompatible name service clients and
servers who could not either implement, or signal nonimplementation
successfully, after 2004. five years should be enough, but only ever
will be enough if there's Tough Love somewhere in the equation.

> To the example at hand, enterprise DNS providers have already
> implemented XNAME-like functionality in unsigned zones and are
> selling it. If they can't easily support a standardised mechanism,
> they're going to carry on selling what they have.

right, which will hurt their addressable market calculations. bring it on!

...

> If there was a visible horizon where DNSSEC was in widespread demand
> and a zone being unsigned was unusual, I would think differently.

"cart, meet horse."

--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop