Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com> wrote:
For the sake of consideration of all DNS proposals, we need
to know if we
can rely on the DNS-SEC protocol being implemented.
I disagree. The problem ASRG is looking at is the spam problem.
DNS security issues SHOULD be referenced and described in drafts, but
any proposed solution SHOULD NOT be dependent on solving security
issues which are outside of the scope of ASRG.
I think it is relevant to consider the deployability of DNSSEC when
we are considering the deployability of an anti-spam solution that
has a critical dependency on it.
Whether this is IETF rules or not is irrelevant to me, far too much
of the IETF spends its time developing a protocol that depends upon
another group inventing sky hooks or anti-gravity devices.
I also think that we should take care to consider the effect that
our proposals might have on other parts of the internet infrastructure.
It is not our problem to fix the security holes in BGP, but if we
develop a protocol that creates incentives for spammers to attack BGP
we should probably bring this to people's attention so it can get fixed.
In this case I don't think that there is a strong dependence and in
any case it is possible that the DNS security problems that concern
us can be solved by other protocol mechanisms besides DNSSEC.
Avoiding a strong dependency is good.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg