Jim,
Jim Fenton wrote:
> It isn't productive to dismiss DNS administrators who are resistant to
> adding many ADSP records as "lazy", "hostile", and/or "incompetent". It
> makes it sound like they aren't worthy of using ADSP. But they are, as
> far as this protocol is concerned, our customers.
Whatever one thinks of the tone used to express the issue, the objective fact
is that the two-level mechanism specified in the current draft is attempting
to define a new, two-level semantic on the DNS. As such, it is a paradigm
change.
One should make paradigm changes to long-standing infrastructure services only
when there is clear and substantial benefit and very, very broad support for it.
I keep waiting for proponents of this 'feature' to solicit technical review
from independent DNS and security experts, for assessing the likely benefit as
balanced against the likely cost.
> The requirement to publish large numbers of ADSP records is a barrier to
> its widespread adoption
That's a view I do not recall seeing phrased quite that way before. It's
nicely succinct and pragmatic. The only question is where is its basis and,
again, the broad support for the assessment that substantiates it?
For example, John has provided some counter-arguments suggesting that the
actual, incremental effort to deal with a large number of parallel, related
domains -- for this particular RR -- is not all that high, particularly in
light of the core requirement for change to tools, needed to support even only
one name and record. In addition, I haven't seen an analysis that explains
who all these affected domain name owners are likely to be. In other words,
to be a serious barrier to adoption, it must be a serious barrier and it must
affect a significant portion of potential adopters. Where is the analysis
that demonstrates this? Where is the groundswell of their calling for this
feature?
> broad coverage for domains. This can be addressed with tools, but the
> requirement to add tooling to achieve good ADSP coverage is also a
> deployment barrier.
As John noted, there is already a requirement for modifying tools, in order to
support ADSP.
> Similar concerns led the WG to the use of TXT
> records rather than a new RR.
Not really. The infrastructure barrier to support of a new RR exists with both
those who create the record as well as those who access it.
The barrier for ADSP is only with those who create the record. Very, very
different dynamic.
> There are a lot of DNS management tools
> out there that would need to change in order to publish the necessary
> ADSP records, and this would take considerable time.
They already need to change, to support one record (for one domain). How is
there something fundamentally worse about having to support many?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
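As an added illustration, not code from this thread or from the DKIM WG: a minimal ADSP evaluator following the single-level `_adsp._domainkey.<Author Domain>` TXT lookup of the published ADSP specification (RFC 5617), run over a constructed in-memory zone, to show concretely the per-name publication burden Jim describes, where a subdomain used as Author Domain yields no policy unless it publishes its own record. The zone data and the names `ZONE`, `parse_adsp`, `adsp_lookup` and `uncovered_domains` are assumptions made for this example.

```python
import re

# Constructed zone (not real data): name -> list of TXT strings. A name present
# with an empty list exists but has no TXT data; a name absent from the dict is
# treated as NXDOMAIN.
ZONE = {
    "example.com": [],
    "_adsp._domainkey.example.com": ["dkim=all"],
    "marketing.example.com": [],
    "_adsp._domainkey.marketing.example.com": ["dkim=discardable"],
    "support.example.com": [],  # subdomain in use, but no ADSP record published
}

# Matches the dkim= tag in a DKIM-style tag=value; tag=value list.
_DKIM_TAG = re.compile(r"(?:^|;)\s*dkim\s*=\s*([^;\s]+)")


def parse_adsp(txt):
    """Map one TXT string to an ADSP practice; unrecognized values count as unknown."""
    m = _DKIM_TAG.search(txt)
    value = m.group(1).lower() if m else "unknown"
    return value if value in ("unknown", "all", "discardable") else "unknown"


def adsp_lookup(zone, author_domain):
    """Single-level lookup: the policy lives only at _adsp._domainkey.<Author Domain>."""
    if author_domain not in zone:
        return "nxdomain"  # the Author Domain itself does not exist
    records = zone.get("_adsp._domainkey." + author_domain, [])
    if not records:
        return "unknown"  # no policy published for this exact name
    return parse_adsp(records[0])


def uncovered_domains(zone, author_domains):
    """Existing domains with no ADSP record: each one needs its own TXT record."""
    return [d for d in author_domains
            if d in zone and not zone.get("_adsp._domainkey." + d)]


if __name__ == "__main__":
    senders = ["example.com", "marketing.example.com", "support.example.com"]
    for d in senders + ["nope.example.com"]:
        print(d, "->", adsp_lookup(ZONE, d))
    print("records still to publish:", uncovered_domains(ZONE, senders))
```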