Joe Abley wrote:
> ...
> If we believe all these problems are intractable, then we might as well just 
> accept that overloading TXT records and reflection attacks are a fact of 
> life, and stop worrying about them.

reflection attacks aren't a fact of life. DNS RRL does not require a
forklift upgrade of the infrastructure, isn't stopped by middleboxes,
and does not change the protocol. i think you should discriminate more
finely as to what we ought and ought not give up about.

> What I would prefer, though, is a more entrepreneurial approach where the 
> likelihood of short-term operational problems (or even long-term failure of 
> the work) should not stop us from trying. ...

those were my exact words upon the publication of RFC 2671. it's been
fifteen years. i think if any change to the dns protocol was going to be
useful enough to overcome edge corruption and edge inertia, it would be
EDNS0.

however, it's heartening to see another generation of cannon fodder
lining up to enter the trenches. you go, joe. i'll cheer you on. but
i'll be working on a RESTful/JSON API to hide DNS edge traffic inside
TLS, in sessions not managed by any X.509 CA, while cheering you on.

> So, how about a starting point where we assume that if a particular extension 
> has value to anybody, the operators (the market) will adjust to allow it to 
> work, and if it doesn't, then adjustments are not necessary?
>
> Anybody else feel like working on the specification for SCTP transport? :-)

go, joe, go!

vixie
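Since RRL is invoked above only by name, here is an added example, not Vixie's, Abley's or any nameserver's code, of the purely server-side mechanism he is pointing at: a simplified response rate limiter keyed on client /24 plus response identity, with a slip ratio that returns a truncated answer so a genuine resolver can retry over TCP. The /24 grouping, limit, window and slip values are assumptions chosen for the demo.

```python
"""Simplified response rate limiter in the spirit of DNS RRL.

Added example, not code from Vixie, Abley or any nameserver. Keys on the
client's /24 (assumed prefix length) plus the response identity, so one
spoofed victim prefix used for reflection hits the limit while other
clients asking the same question are unaffected. All numbers are sample values.
"""
import ipaddress


class ResponseRateLimiter:
    def __init__(self, responses_per_window=3, window_seconds=1.0, slip=2):
        self.limit = responses_per_window
        self.window = window_seconds
        self.slip = slip      # every slip-th excess query gets TC=1 instead of silence
        self._state = {}      # (prefix, qname, qtype) -> (window_start, count)

    @staticmethod
    def _prefix(client_ip):
        # Group by /24 so spoofing many addresses inside the victim's network
        # does not dodge the limit.
        return ipaddress.ip_network(f"{client_ip}/24", strict=False)

    def decide(self, client_ip, qname, qtype, now):
        """Return 'answer', 'slip' (truncated reply, client retries over TCP)
        or 'drop' for one query. Nothing on the wire changes, which is why
        this needs no protocol revision and no cooperation from middleboxes."""
        key = (self._prefix(client_ip), qname.lower(), qtype.upper())
        start, count = self._state.get(key, (now, 0))
        if now - start >= self.window:       # window expired: start a fresh one
            start, count = now, 0
        count += 1
        self._state[key] = (start, count)
        if count <= self.limit:
            return "answer"
        excess = count - self.limit
        if self.slip and excess % self.slip == 0:
            return "slip"
        return "drop"


def run_demo():
    """Constructed traffic: one spoofed /24 hammering a large TXT answer."""
    rrl = ResponseRateLimiter()
    burst = [rrl.decide("192.0.2.%d" % (i % 5 + 1), "example.net", "TXT", 10.0 + i * 0.1)
             for i in range(6)]
    other = rrl.decide("198.51.100.7", "example.net", "TXT", 10.3)  # different /24
    later = rrl.decide("192.0.2.9", "example.net", "TXT", 11.5)     # new window
    return burst, other, later
```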

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop