ietf
Re: [Fwd: [Asrg] Verisign: All Your ...

2003-09-16 07:36:30
On Tue, 16 Sep 2003, Edward Lewis wrote:

> At 14:18 +0100 9/16/03, Zefram wrote:
>> It is necessary that the wire protocols distinguish between existence and
>> non-existence of resources in a standard manner (NXDOMAIN in this case)
>> in order to give the client the choice of how to handle non-existence.

[ on dns not the best choice for authoritative non-existence ]

> are not in the reverse DNS map.  So, to those who were relying on DNS
> for "existence" or "legitimacy," perhaps they need to consider an
> alternate method.  (Namely something like whois or crisp.)

I'm not sure whether that's a good idea.  The main fuss at the moment,
apart from Verisign acting without consultation, is that a lot of
automated software makes the assumption that 'NXDOMAIN' means 'Does Not
Exist'.  Adding the wildcard removes this assumption, and removes DNS as a
useful stateless low-overhead method of existence-verification.

For these items of software to change from using a stateless method of
existence-verification with low overhead, to using a semi-stateless method
of existence-verification with high overhead, is something akin to the Y2K
bug in scope, albeit without all the hype.

Operationally, having one's not-low-overhead whois server being hit by
automated queries solely for existence-verification is a terrible state of
affairs.

> PPS - Maybe this will raise the need for the CRISP WG to develop a protocol.

I can see a lot of people requesting a low-overhead stateless subset of
crisp/whois.

-- 
                             Bruce Campbell      I speak for myself.
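
The existence check discussed in this message, as an added example that is not part of the original post: a single-query check that trusts NXDOMAIN, and a defensive variant that first probes random labels to see whether the zone synthesizes answers. The resolver, zone contents and addresses are constructed stand-ins so the code runs offline.

```python
import secrets

NXDOMAIN = "NXDOMAIN"  # constructed stand-in for the DNS response code


def make_zone(registered, wildcard_addr=None):
    """Constructed fake resolver for one zone: address list or NXDOMAIN."""
    def resolve(name):
        if name in registered:
            return registered[name]
        # With a wildcard, unregistered names get a synthesized answer.
        return [wildcard_addr] if wildcard_addr else NXDOMAIN
    return resolve


def naive_exists(resolve, name):
    """One stateless query: anything other than NXDOMAIN counts as existing."""
    return resolve(name) != NXDOMAIN


def wildcard_answers(resolve, tld, probes=3):
    """Query random, unregistered labels; return addresses synthesized for them."""
    seen = set()
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{tld}")
        if answer == NXDOMAIN:
            return set()  # the zone still signals non-existence
        seen.update(answer)
    return seen


def checked_exists(resolve, name):
    """Existence check that discounts answers matching the zone's wildcard.

    Costs extra queries per zone, and a registered name that really points
    at the wildcard address would be misreported as non-existent.
    """
    answer = resolve(name)
    if answer == NXDOMAIN:
        return False
    tld = name.rsplit(".", 1)[-1]
    return not set(answer) <= wildcard_answers(resolve, tld)


# Constructed sample zones using documentation address ranges.
REGISTERED = {"example.com": ["192.0.2.10"]}
plain_zone = make_zone(REGISTERED)
wild_zone = make_zone(REGISTERED, wildcard_addr="198.51.100.1")
```
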