On 5/13/19 5:17 AM, Brian Dickson wrote:
> Thoughts?

There's the hiding problem due to aggressive caching, especially when forwarding to a resolver that does aggressive caching (1.1.1.1 is well-known but there are more).
https://tools.ietf.org/html/rfc8145#section-5.3.1

If the label was extended to a large number of possible values, the workaround suggested in the RFC or wildcard wouldn't help. Moving the labels to an unsigned zone would solve that. So far there's been no work-around deployed; I don't know why.

I agree privacy concerns might be a significant problem. I'm not even sure about the usefulness of information like host UUID. I can't see how it helps with estimation of the amount of internet population affected by a problem - or with finding what SW/configuration caused it.

Another fundamental issue is, I believe, that in the short term similar signalling will only show information from better-maintained instances that are up to date and thus much less interesting. It _might_ get more useful after several years, but that would need careful planning/anticipation wrt. what information we expect to be useful in the more distant future.

--Vladimir

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop