On 2012-05-17 5:08 PM, Andrew Sullivan wrote: > On Thu, May 17, 2012 at 01:39:44PM +0000, paul vixie wrote: >> i realize that this will just move the game down-level to the tld's, > If I read you correctly, in military terms you are arguing there for a > retreat to a location that is itself not securable, and …
no. (you're not reading me correctly, or at least, that is not a correct restatement.) >> ... but by the time that part of the game is playing >> out, i'm hoping for relevant penetration levels of dnssec. > … then arguing that the hoped-for availability of a future tactical > advantage will mean that the location you just gave up would have held > anyway. I think I disagree with the strategy. i would too, if that strategy had been proposed. now that we're apparently done arguing about the other proposal nobody had made (which was "encouraging route hijacking or policy routing to answer root server queries locally") let's summarily dismiss this proposal which nobody has made, too. (noting, this isn't an ietf mailing list nor usenet, yet here we are spending a week arguing about proposals nobody has made rather than trying to discover what proposal has actually been made.) it's not practical or allowed by ACL to stealth-slave for COM, NET, ORG, or the larger CCTLD's. that makes the problems solved by stealth slavery unsolvable at the second level. which does not invalidate the arguments for doing it at the root zone level, where it is practical, and where it will be a perceived good and may also be an actual good, and which is non-preventible in any case, and which is happening today at some scale but without any recommendations in the form of an FYI or BCP RFC. paul _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
