I agree with Ben’s assumptions and conclusions.
I believe that, although I myself do not believe the assumed constraints hold
in the real world, there will be others who do. I believe that proceeding
on the assumption that those hypothetical others’ hypothetical objections must
be addressed is the correct path. And I believe that we are not blocked from
the unoptimized/simpler path in the meantime.
-Bill
> On Nov 23, 2021, at 10:14 PM, Petr Špaček <[email protected]> wrote:
>
> On 12. 11. 21 18:32, Petr Špaček wrote:
>> Hello dprive.
>> I think that Ben Schwartz really hit the nail on the head in his DSGLUE
>> presentation.
>> I suggest we _really_ try to get a better idea about design constraints
>> first, and work out their implications and protocol from there.
>> These are the crucial questions (copied and slightly modified from
>> https://datatracker.ietf.org/meeting/112/materials/slides-112-dprive-dsglue-01
>> slide 5):
>> * Can we slow down resolution of existing domains?
>> * Do we care about the latency of A2DoT-enabled domains?
>> * Do we care about A2DoT under non-A2DoT parents?
>>   - i.e. protecting label N+1 after label N has leaked
>>   - Can we require that non-A2DoT parents are signed?
>> * Can we add new RR types to the glue/parent side?
>> * Can the child atomically update NS/DS/glue RRSets together in the parent?
>> * Can we add new digest types to the DS record?
>> * Can we add DS RRs which do not constitute a valid DNSSEC-validation path?
>> (The last point was added by me. It is equivalent to "Will RRR ecosystem accept DS
>> records which are really not a DNSSEC-validable path?".)
>> Let us try an experiment:
>> Could you please fill in yes/no in the following form, so we can quickly see
>> if there are totally different opinions or a rare agreement on some of the
>> points?
>> https://docs.google.com/forms/d/e/1FAIpQLSdllOX_cKT8L7bl8_jhxeQPsg1Iqam_rnD6iVVl_R4mnxBN1A/viewform
>> The form will close on:
>> Sunday 21st November 2021 23:59 UTC
>> Maybe it will move us a bit forward if we see some (common) red lines in the
>> answers. Or maybe not, we'll see.
>
> So far only five people responded, which seems to be pretty low.
>
> To give people more chance to share their thoughts I extend the form deadline
> to Sunday 28th November 2021 23:59 UTC. Please take a couple of minutes to respond!
>
> --
> Petr Špaček
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy