RE: Stupid NAT tricks and how to stop them.

> From: Keith Moore [mailto:moore(_at_)cs(_dot_)utk(_dot_)edu] 
> > > maybe this is because "protocol purity zealots" take a long term 
> > > view and want to preserve the flexibility of the net "market" to 
> > > continue to grow and support new applications, whereas the NAT 
> > > vendors are just eating their seed corn.
> > Your long term view is irrelevant if you are unable to meet 
> short term 
> > challenges.
> very true.   but at the same time, it's not enough to meet short term
> challenges without providing a path to something that is 
> sustainable in the long term.
Which is why abdicating responsibility for meeting short term challenges is
so detrimental.

DNSSEC has been held up unnecessarily for five years because successive WG
chairs have failed to understand the urgency of certain critical deployment
issues.

I would also like the IAB to take a pro-active role of telling WGs that
certain requirements are essential for deployment. In the case of DNSSEC the
privacy issue of stopping zone walking is essential if there is going to be
forward progress, as is the requirement that the cost of turning on DNSSEC
on a resolver be proportional to the security value, ie. Proportional to the
number of signed zones. Blocking the technology required to address two
issues has held up DNSSEC for five years.

People can dispute opinions but not facts. The fact is that it has taken far
too long to deploy DNSSEC.

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf