On 2014-02-16, at 11:39, Patrik Fältström <[email protected]> wrote:
> - We can not use new RR Types, let's use A and TXT
> - DNSSEC will never take off
> - Let's just use HTTP for transport

I think we are suffering from a knee-jerk instinct to say no to ideas that we assume will never work in the real world.

We can't add more transports (e.g. SCTP), because even if implemented there's just too much middleware in the world that will interact badly.

We can't add more resource records, because there are nameserver implementations that don't deal with opaque types properly, and won't allow the new resource records to be published.

We can't do anything that will cause larger responses, because EDNS support is not widespread, and in any case the network can't reliably deliver fragments.

If we believe all these problems are intractable, then we might as well just accept that overloading TXT records and reflection attacks are a fact of life, and stop worrying about them.

What I would prefer, though, is a more entrepreneurial approach where the likelihood of short-term operational problems (or even long-term failure of the work) should not stop us from trying. Rich people are the ones that realise that you only need one out of ten business ventures to succeed to get a pay out.

So, how about a starting point where we assume that if a particular extension has value to anybody, the operators (the market) will adjust to allow it to work, and if it doesn't, then adjustments are not necessary?

Anybody else feel like working on the specification for SCTP transport? :-)

Joe
