On 27 Feb 2014, at 07:42, Mark Andrews <[email protected]> wrote:

> DNSSEC will eventually be on by default and squatting like this will have 
> negative consequences.

Er, no. Vendors who pluck domain names out of the ether and use them in their 
products will by definition not have the DNS clue required for deploying a 
viable DNSSEC. Besides, in the case of CPE, they won't even *need* DNSSEC 
because the offending domain names (router.home or whatever) get looked up on 
the internal net. Most likely those names will be used by web browsers that do 
not have a validating resolver and are already relying on the CPE for DNS. 
Those lookups will almost never go to the outside, far less validate a signed 
referral for .whatever from the root.

> There may be a need for a reserved suffix.  It doesn't have to be .HOME.  
> Rewarding bad behaviour leads to more bad behaviour.

IMO, the draft aims to document existing bad behaviour and explains why people 
should stop doing those bad/stupid/wrong things. Or at least appreciate the 
consequences. This is a Good Thing. It might even mean fewer instances of bad 
behaviour in future. Whether of course the writers of CPE crapware will ever 
read this RFC, let alone act on it, is another matter. At least the IETF will 
have produced a useful document on the topic. Which is all it could do.

BTW, the latest thinking (i.e. as of yesterday) from ICANN is .home will be 
reserved indefinitely: 
http://www.icann.org/en/news/public-comment/name-collision-26feb14-en.htm. It 
doesn't matter now whether someone wants to call that "rewarding bad behaviour" 
or not. That train left the station a long, long time ago. [And I'm long past 
caring either way.] So it seems to me ICANN is acknowledging reality and taking 
prudent measures for overall security and stability of the DNS. Too much stuff 
is already (ab)using .home so this TLD can't go into the public root for the 
obvious reasons.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
