ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Stupid NAT tricks and how to stop them.

2006-03-27 12:49:48
from [Scott Leibrand] [Permanent Link] 
On 03/27/06 at 11:38am -0800, Hallam-Baker, Phillip 
<pbaker(_at_)verisign(_dot_)com> wrote:


People can dispute opinions but not facts. The fact is that it has taken far
too long to deploy DNSSEC.


Just a nit, as I can't really disagree with your assertion (nor can I
necessarily agree with it, as I haven't been involved with DNSSEC), but:

The words "too long" flag your statement as an opinion, not a fact.  The
fact that you assert a statement is a fact doesn't necessarily make it so.

-Scott



From: Keith Moore [mailto:moore(_at_)cs(_dot_)utk(_dot_)edu] 





maybe this is because "protocol purity zealots" take a long term 



view and want to preserve the flexibility of the net "market" to 



continue to grow and support new applications, whereas the NAT 



vendors are just eating their seed corn.







Your long term view is irrelevant if you are unable to meet 



short term 



challenges.







very true.   but at the same time, it's not enough to meet short term



challenges without providing a path to something that is 



sustainable in the long term.




Which is why abdicating responsibility for meeting short term challenges is

so detrimental.



DNSSEC has been held up unnecessarily for five years because successive WG

chairs have failed to understand the urgency of certain critical deployment

issues.



I would also like the IAB to take a pro-active role of telling WGs that

certain requirements are essential for deployment. In the case of DNSSEC the

privacy issue of stopping zone walking is essential if there is going to be

forward progress, as is the requirement that the cost of turning on DNSSEC

on a resolver be proportional to the security value, ie. Proportional to the

number of signed zones. Blocking the technology required to address two

issues has held up DNSSEC for five years.



People can dispute opinions but not facts. The fact is that it has taken far

too long to deploy DNSSEC.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Ietf mailing list

Ietf(_at_)ietf(_dot_)org

https://www1.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Stupid NAT tricks and how to stop them., Hallam-Baker, Phillip
Next by Date:  RE: Stupid NAT tricks and how to stop them., Hallam-Baker, Phillip
Previous by Thread:  RE: Stupid NAT tricks and how to stop them., Hallam-Baker, Phillip
Next by Thread:  Re: Stupid NAT tricks and how to stop them., Keith Moore
Indexes:  [Date] [Thread] [Top] [All Lists]