On Sep 21, 2010, at 10:14 PM, Doug Barton wrote:

> On 9/21/2010 7:46 AM, Kalman Feher wrote:
>> It may well be analogous to that (though I disagree), but the quote does not
>> substantiate why knowing public information is bad. In the example above,
>> you've simply saved your switchboard and the caller some time. If you don't
>> want someone to know it, don't make it public (at the very least).
>> You'll have to accept that no matter what steps you take, your public
>> information will be available to those who wish to find it. Taking steps to
>> prevent that is likely to waste more of your time than it will of those
>> looking.
> When this topic first came up 12+ years ago I (and others) said that DNSSEC 
> would never see wide deployment unless the ability to walk the zone was 
> eliminated. We were all poo-pooed at the time with lots of "security through 
> obscurity, LOL" type arguments. Development of DNSSEC specs continued to 
> ignore the need to eliminate zone-walking for almost a decade until finally a 
> consortium of folks more influential than I put their foot down and hammered 
> out the NSEC3 spec (abridging the history here for the sake of a good story).
> My point being, it really doesn't matter if you agree with the reasoning or 
> not, whether you understand the use case(s) or not, or whether you ever 
> deploy NSEC3 or not. The fact is that there are a non-trivial number of 
> organizations who will not deploy DNSSEC without it, so attempting to 
> convince people not to use it is pointless.

This is *very* true, and (IMO) something that I think it would be very useful 
for the v6 community to fully grok -- it matters not how awesome your solution 
is, if it doesn't do what the customer wants, they just won't deploy it....

(see the DHCPv6 discussions, etc)...


> Doug (... and it annoys the pig)
> -- 
>       ... and that's just a little bit of history repeating.
>                       -- Propellerheads
>       Improve the effectiveness of your Internet presence with
>       a domain name makeover!    http://SupersetSolutions.com/
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

bind-users mailing list

Reply via email to