Re: Last Call: RFC 6346 successful: moving to Proposed Standard

2014-12-04 04:50:56

In message <20141204060351(_dot_)GH19344(_at_)mx1(_dot_)yitter(_dot_)info>, 
Andrew Sullivan writes:
On Thu, Dec 04, 2014 at 01:11:46PM +1100, Mark Andrews wrote:

As for RFC 5011, it is a crock.  We should be using something like
CDS with start and end dates plus retry timers.

[…]

That
said there are some really broken EDNS implementations out there.

[…]

We also have the following draft-andrews-dns-no-response-issue
which covers this as well as other issues.

To be clear, then, the reduction of available port numbers that is the
result of A+P is solved by some proposals in a couple Internet-Drafts,
neither of which yet has critical mass, and that depend on a feature
of the DNS that is still broken in lots of places more than 10 years
after its specification?

It's only broken because no one has been checking servers for
compliance.  All the bugs are about 5 minutes work to fix if they
actually get reported to the nameserver vendors and operators of
the servers. 

As for implementing cookies / SIT that is about a days work.  It's
actually a lot less work than port randomisation is.

Also, you think that the only actual DNSSEC TA rollover mechanism we
standardized is a crock?

Just because something is standardised doesn't mean that it is not
a crock.

RFC 5011 doesn't provide a mechanism to tell others if the operators
are using it for key management.  It overloads SEP bit.  There are
no timing parameters, one size doesn't fit all.  It increases DNSKEY
RRset size unnecessarily.

I'm just trying to calibrate what "perfectly fine" means before I send
my comments on the A+P standards-track request.

Thanks,

A

-- 
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
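Mark's point above is that EDNS breakage persists because nobody checks servers for compliance. As an added example, not code from this thread, from ISC or from any of the drafts mentioned, here is a small pure-Python probe that builds a query carrying an OPT record with a client COOKIE option (the RFC 7873 option code 10), parses the reply, and classifies it the way a compliance check would: OPT echoed (optionally with a server cookie), a reply with no OPT at all, or no reply. The sample replies are constructed inline; the cookie values, the transaction ID and the example.com address are made up, and the verdict strings are my own wording, not output of any real tool.

```python
import struct
from typing import Optional

TYPE_A, TYPE_OPT = 1, 41            # OPT pseudo-RR type, RFC 6891
EDNS_OPT_COOKIE = 10                # COOKIE option code, RFC 7873
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 4: "NOTIMP", 5: "REFUSED", 16: "BADVERS"}

def encode_name(name: str) -> bytes:
    """Wire-encode a domain name as length-prefixed labels plus the root label."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_edns_query(qname: str, qtype: int, txid: int, client_cookie: Optional[bytes] = None,
                     udp_size: int = 1232, do: bool = True) -> bytes:
    """Query with RD set and one OPT RR (optionally carrying a client COOKIE) in additional."""
    rdata = b""
    if client_cookie is not None:
        if len(client_cookie) != 8:
            raise ValueError("client cookie must be exactly 8 bytes")
        rdata = struct.pack("!HH", EDNS_OPT_COOKIE, 8) + client_cookie
    ttl = 0x8000 if do else 0       # OPT TTL field = ext-RCODE:8 | version:8 | DO:1 | Z:15
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)          # ARCOUNT=1 for the OPT RR
            + encode_name(qname) + struct.pack("!HH", qtype, 1)
            + b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, ttl, len(rdata)) + rdata)

def skip_name(msg: bytes, off: int) -> int:
    """Offset just past a wire-format name; a compression pointer (0xC0xx) ends the name."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def check_edns_response(query: bytes, response: Optional[bytes]) -> dict:
    """Extract from a reply the fields an EDNS compliance check cares about."""
    if response is None or len(response) < 12:
        return {"responded": False}          # timeout or runt packet
    rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    check = {"responded": True, "txid_matches": response[:2] == query[:2],
             "rcode": flags & 0x000F, "has_opt": False, "server_cookie": None}
    off = 12
    for _ in range(qd):
        off = skip_name(response, off) + 4      # QTYPE + QCLASS
    for _ in range(an + ns + ar):               # OPT belongs in additional; scanning all RRs is simpler
        off = skip_name(response, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        rdata, off = response[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype != TYPE_OPT:
            continue
        check.update(has_opt=True, udp_size=rclass, edns_version=(ttl >> 16) & 0xFF,
                     do_bit=bool(ttl & 0x8000))
        check["rcode"] |= ((ttl >> 24) & 0xFF) << 4    # extended RCODE bits, e.g. BADVERS = 16
        p = 0
        while p + 4 <= len(rdata):               # walk the EDNS options
            code, length = struct.unpack("!HH", rdata[p:p + 4])
            data, p = rdata[p + 4:p + 4 + length], p + 4 + length
            if code == EDNS_OPT_COOKIE and len(data) > 8:
                check["server_cookie"] = data[8:]   # whatever follows the echoed client cookie
    return check

def verdict(check: dict) -> str:
    """One-line classification of a probe result (wording is this example's own)."""
    if not check["responded"]:
        return "no response to an EDNS query"
    if not check["txid_matches"]:
        return "transaction ID mismatch"
    if not check["has_opt"]:
        return f"{RCODE_NAMES.get(check['rcode'], check['rcode'])} without an OPT record"
    if check["edns_version"] != 0:
        return f"unexpected EDNS version {check['edns_version']}"
    return "OPT echoed" + (", server cookie returned" if check["server_cookie"] else "")

# --- constructed sample traffic for offline use; not captured from any real server ---
CLIENT_COOKIE = bytes.fromhex("0102030405060708")
SERVER_COOKIE = bytes.fromhex("a1a2a3a4a5a6a7a8")
QUERY = build_edns_query("example.com", TYPE_A, 0x1234, CLIENT_COOKIE)

def constructed_response(txid: int, rcode: int, answer_ip: Optional[bytes],
                         opt_rdata: Optional[bytes]) -> bytes:
    """Fabricate a reply to QUERY so the checker can be exercised without a network."""
    an, ar = int(answer_ip is not None), int(opt_rdata is not None)
    msg = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, an, 0, ar)   # QR, RD, RA set
    msg += encode_name("example.com") + struct.pack("!HH", TYPE_A, 1)
    if answer_ip is not None:       # answer owner name is a pointer to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + answer_ip
    if opt_rdata is not None:
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0x8000, len(opt_rdata)) + opt_rdata
    return msg

GOOD_RESPONSE = constructed_response(0x1234, 0, bytes([192, 0, 2, 1]),
                                     struct.pack("!HH", EDNS_OPT_COOKIE, 16) + CLIENT_COOKIE + SERVER_COOKIE)
FORMERR_RESPONSE = constructed_response(0x1234, 1, None, None)   # OPT rejected, nothing echoed back

if __name__ == "__main__":
    for label, reply in (("good", GOOD_RESPONSE), ("formerr", FORMERR_RESPONSE), ("timeout", None)):
        print(f"{label:8s} {verdict(check_edns_response(QUERY, reply))}")
```

To run this against a real server, send QUERY over UDP port 53 from a socket with a timeout and hand the reply bytes (or None when nothing comes back) to check_edns_response. A missing reply is reported as its own verdict rather than raised as an error, since servers that simply drop EDNS queries are one of the cases the no-response draft named above is concerned with; the FORMERR-without-OPT case is the other classic symptom of a server that does not understand the OPT record.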
