On Wed, 15 Nov 2023 10:13:22 +0100 "libor.peltan" <libor.pel...@nic.cz> wrote:
> Hi Philip, Hello Libor, > I don't really want to discourage you, but I think this is in general > a bad idea: optimizing for the best case, but no benefit -- or even > twice(?) as more resources consumption -- under a random-subdomain > attack. It seems to me that your point is good to mention in the document as a possible operational risk or describe how you can mitigate it if we can think of a good way to do that. > It looks even weirder to me when I see you argumenting with DDoS > protection in the draft Introduction. > > However, Erik indicated that some commercial services are already > doing this, so I might be wrong in considering it a bad idea (or > might not). If the conclusion would be that it is a bad idea after discussing it here, that would also be valuable information for people considering it. -- Stefan Ubbink DNS & Systems Engineer Present: Mon, Tue, Wed, Fri SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands T +31 (0)26 352 55 00 https://www.sidn.nl
pgppiwBTopEWV.pgp
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
