[EURO-Discuss] ALAC-WG on DNSSEC
Lutz Donnerhacke
lutz at thur.de
Mon Sep 1 11:01:59 EDT 2008
On Mon, Sep 01, 2008 at 03:24:25PM +0200, JFC Morfin wrote:
> I blame no one. I just infer from your semantic (and side echoes from
> ccNSO) that the actual purpose is not technical validation but
> production, while production implies much more than technical validation.
I like to use the existing testbed for a two week production grade test over
the Cairo meeting. Consider it as a testbed, too. This does not mean, that
all root servers out there got be signed in those days, but the recursive
server at the meeting do the validation with the testbed servers.
> >DNSSEC is one of the current activities of ICANN and therefore a current
> >matter for ALAC. One might ask if DNSSEC is too urgent for AtLarge, the
> >ALSes, and the users out there. Because AtLarge should guide the process,
> >the ALSes should think about this subject. That's why I like to have a track
> >on the summit.
>
> This is correct. However, my question is for the ALAC (on behalf of
> the users) to decide first that DNSSEC / EDNS0 and NSEC3 is the way
> to go, technically, strategically and politically wise.
Yes, that should be discussed.
> The role of an advisory committee is to just that, not to copy others'
> positions. In the process ALAC should also come with additional DNSSEC
> deployment advises about the user side and the global consistency.
Ack.
> For example, I raised the question at the IETF/WG-IDNABIS of the
> DNSSEC + IDN + IDNccTLD datagram size. When you consider the real
> status of the Internet
> (http://www.caida.org/workshops/wide/0801/slides/castro-ditl_comparison.pdf)
> you see that the EDNS0 proportion decreases.
The reason might be simple: DNS servers does not use EDNS0 by default
anymore, only when needed. And they turn off EDNS0 per server, if any error
occured. I would not claim that EDNS0 support decreased.
> >Of course. Unbound is sponsored by Verisign and the code was written by the
> >big, bad, and ugly NSA agents. ... Sorry, please let keep us on safe grounds.
>
> If this is your position I leave it to you. If it is supposed to a
> joke at mine, I afraid you are totally out target :-)
I forgot to add an irony ascii-art, sorry.
> >That's why the introduction of DNSSEC is much easier than any IPv6 rollout.
>
> As Euralo we have no Chinese user online. It would be interesting to
> know from them. Or from Comcast.
Why do you look far away? Why do you not accept experience from others?
What do you expect?
http://www.ipv6council.de/events/german_ipv6_summit/programme.html
http://www.guug.de/veranstaltungen/ecai6-2007/abstracts.html
More information about the EURO-Discuss
mailing list