On November 7, 2018 7:56:14 AM UTC, "Murray S. Kucherawy" <[email protected]>
wrote:
>On Wed, Nov 7, 2018 at 11:54 AM Scott Kitterman <[email protected]>
>wrote:
>
>> My estimation is that this would change very rarely. If I were developing
>> software for this, I'd probably check at build time and use that unless
>> there is some reason to update. Not that people won't try, but I think not
>> very real time is sufficient.
>>
>
>Sure, but:
>
>(a) You are probably a more reasonable and thoughtful implementer than
>average; and
>
>(b) It only takes one large operator to, through neglect or a desire to
>ensure up-to-the-minute data, disregard any query rate advice we give and
>accidentally DoS IANA off the 'net.
>
>If IANA doesn't have a highly scalable CDN in front of it, which I doubt,
>then this is something the IESG would legitimately raise (as they did with
>WEIRDS) when this goes up for formal review.
>
>DBOUND tried to do this inside the DNS, which solves the CDN problem, but
>it couldn't reach consensus on the preferred approach, and shut down not
>long ago without producing anything.

Unfortunately, I didn't come up with an idea for how to do this in DNS. This
seems like a legitimate issue for the WG to work through.

There are lots of ways to do denial of service attack protection without a CDN.
I would hope it's not so trivial to bounce IANA off the net.

Scott K