On Fri, Apr 13, 2012 at 04:38:10PM -0700, David Conrad wrote:
> On Apr 13, 2012, at 3:30 PM, Jaap Akkerhuis wrote:
> >> More pragmatically, while I understand the theory behind rejecting NTAs,
> >> I have to admit it feels a bit like the IETF rejecting NATs and/or DNS
> >> redirection. I would be surprised if folks who implement NTAs will stop
> >> using them if they are not accepted by the IETF.
> >>
> > it is still not a reason for the IETF to standardize this.
>
> With the implication that multiple vendors go and implement the same
> thing in incompatible ways. I always get a headache when this sort of
> thing happens as the increased operational costs of non-interoperable
> implementations usually seems more damaging to me than violations of
> architectural purity. Different perspectives I guess.

What's to standardize (or be incompatible)? Each recursive resolver
already has different mechanisms for configuring it, and I'd imagine
that the list of NTAs would be configured similarly to (for example)
its TAs & DLVs.

If you're thinking of some kind of DLNV (similar to the DNS-based spam
blacklists), then there's something to talk about, but in that case I'd
want it to be secured via DNSSEC, and let's hope the operators of those
don't screw up or start blacklisting each other. (Either on purpose or
due to unfortunate timing.)

Attacking DLNV zones would have a nice amplifying effect, too, if the
need for them is widespread enough to be worth standardizing.

--
Scott Schmit
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
