Re: revised Proposed Charter

Excellent.

Let me add that TXT records are specified in the DNS documents.  I didn't 
invent that, they did.  DNS *intends* their use (or they wouldn't be part of 
the specs) and does not prohibit their content from containing our keys. 
Such use _does not_ constitute "abuse" by any stretch.

--
Arvel


----- Original Message ----- 
From: <domainkeys-feedbackbase02(_at_)yahoo(_dot_)com>
To: <ietf-mailsig(_at_)imc(_dot_)org>
Sent: Wednesday, July 27, 2005 11:50 PM
Subject: Re: revised Proposed Charter


> --- "william(at)elan.net" <william(_at_)elan(_dot_)net> wrote:
>
> > It is in fact that design that makes putting public key in dns an issue.
> > The designers did not really see DNS as appropriate for that kind of 
> > work.
> > But why don't you ask designers yourself - namedroppers is the place.
>
> Well, I don't know about namedroppers, but Paul Mockapetris seems quite
> comfortable with extending DNS in surprising ways, such as ENUM where all 
> 4
> billion phone numbers are in the DNS, or RFID, where every RFID tag is in 
> the
> DNS.
>
> This narrowly defined notion of "appropriate" DNS usage is akin to those 
> who
> insist that email was only designed for text and sending attachments is
> "inappropriate" and risks destroying the email infrastructure.
>
> What such naysayers don't want to accept is the fact that using a 
> technology in
> novel ways is a measure of its success, not a cause for concern.
>
> I might add that experience suggests that the DNS infrastructure is 
> amazingly
> resilient and has survived all sorts of "abuse" that namedroppers never
> anticipated or wanted. How so?
>
> Think RBLs. People have deployed and queried RBL services without 
> bothering to
> get the sanction of namedroppers - they didn't create an appropriate new 
> RR,
> rather they  "abused" A RRs. They also started with zero queries per day, 
> and
> rapidly rose to perhaps billions per day. Surprise surprise, the global 
> DNS did
> not collapse.
>
> Think reverse lookup load. We have turned on and off reverse look-ups on 
> our
> inbound email at various times over the last 4-5 five years. That's a net
> change of billions of largely uncachable DNS queries per day. Did anyone
> notice? Not that I heard. Did the sky fall in? Not that I noticed.
>
> Think size of responses. At various times, for operational reasons, the MX 
> for
> yahoo.com has returned a large list of A records that are very close to 
> the
> maximum size response that fits in a UDP packet. At other times - such as 
> now -
> it returns a relatively small list of A records. I know the same has been 
> true
> of other large MX targets, such as AOL and Hotmail. In aggregate, these 
> three
> sites probably represent a substantial proportion of cached MX entries. 
> Did the
> caches fry when we made changes? Not that anyone noticed.
>
> Think call-back SMTP. I know a number of widely used products and large 
> ISPs
> woke up one day and started doing SMTP call-backs to try and verify MAIL 
> FROM
> addresses. Did anyone notice the extra millions of MX lookups when they 
> turned
> the switch on? Not that I heard.
>
>
> The simple fact of the matter is that the global DNS has proven to be
> resilient, flexible and scalable time and time again. That email is a 
> small and
> diminishing part of Internet traffic is also an important observation.
> Consequently, to suggest that the global DNS is a fragile beast and any 
> novel
> use by email needs sanction from namedroppers, for fear that the sky will 
> fall
> in, might make namedroppers feel important, and it might be PC, but it's 
> not
> even close to being a deployment necessity or imperative.
>
>
> Mark.