Oops. Mailer problems and obviously misdirected... (intended to be sent to someone with whom I worked on the name collision stuff :))
Sincere apologies.

Regards,
-drc

On Jul 28, 2014, at 3:34 PM, Casey Deccio <[email protected]> wrote:

> I have to admit I have struggled to not respond to Casey (who works for VRSN)
> with:
>
> "Well, there wasn't much empirical evidence that name collisions could cause
> problems, yet..."
>
> :)
>
> Regards,
> -drc
>
> On Mon, Jul 28, 2014 at 10:05 AM, David Conrad <[email protected]> wrote:
> Hi,
>
> On Jul 28, 2014, at 5:48 AM, Nicholas Weaver <[email protected]>
> wrote:
> > The IPv6 net has decreed “No, really, FRAGMENTS DO NOT WORK”.
>
> This could be a bit of an issue when the DNSSEC root key is rolled. Could
> someone point me to a writeup and/or data as to how we know the above decree?
> (I'm not disagreeing, I just haven't really been following this for a while).
>
>
> As one data point, the current top DNSKEY response sizes for TLDs (all using
> UDP) are:
>
> xn--fiq228c5hs. 1669
> xn--6frz82g. 1657
> xn--3ds443g. 1657
> rich. 1629
> post. 1629
> pink. 1629
> info. 1629
> blue. 1629
> asia. 1629
> red. 1625
> org. 1625
> onl. 1625
> kim. 1625
> sc. 1621
> pr. 1621
> mn. 1621
> me. 1621
> lc. 1621
> in. 1621
> gi. 1621
> bz. 1621
> ag. 1621
> bg. 1567
> xn--fiqz9s. 1505
> xn--fiqs8s. 1505
> am. 1479
> cn. 1473
> dk. 1459
>
> All of the above result in IPv6 fragmentation, and nearly all also result in
> IPv4 fragmentation---both assuming a 1500-byte PMTU and a resolver using an
> EDNS UDP payload value sufficient to hold the entire payload. This list has
> changed over time, through key rollovers and such.
>
> Has there been empirical or anecdotal evidence to suggest that DNSSEC
> validation has been broken for these TLDs for some population?
>
> I'm not suggesting that fragmentation is pretty, and I'm quite aware of path
> problems with fragmentation (some of them having been worked around by
> resolver implementations and configurations, as Tony indicated).
>
> Casey
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
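The fragmentation claim in the quoted message can be checked by computing the on-wire packets for a given DNS response size. The following is an added example, not part of the original thread; it assumes a 1500-byte PMTU as in the message, IPv4 with no options, IPv6 with no extension headers other than the Fragment header, and the function names are hypothetical.

```python
# Constructed sample: three (TLD, DNSKEY response size) pairs copied from the
# list in the quoted message.
SAMPLES = [("xn--fiq228c5hs.", 1669), ("cn.", 1473), ("dk.", 1459)]

UDP_HDR = 8
IPV4_HDR = 20       # assumption: no IPv4 options
IPV6_HDR = 40       # assumption: no other extension headers
IPV6_FRAG_HDR = 8   # Fragment extension header carried by every IPv6 fragment


def max_unfragmented(family, pmtu=1500):
    """Largest DNS payload that fits in a single UDP packet at this PMTU."""
    return pmtu - (IPV4_HDR if family == 4 else IPV6_HDR) - UDP_HDR


def packet_sizes(dns_len, family, pmtu=1500):
    """Return the on-wire IP packet sizes for a UDP response of dns_len bytes."""
    if family not in (4, 6):
        raise ValueError("family must be 4 or 6")
    datagram = UDP_HDR + dns_len  # UDP header travels only in the first fragment
    if dns_len <= max_unfragmented(family, pmtu):
        return [(IPV4_HDR if family == 4 else IPV6_HDR) + datagram]
    # Per-fragment overhead: IPv4 repeats its header; IPv6 adds a Fragment header.
    overhead = IPV4_HDR if family == 4 else IPV6_HDR + IPV6_FRAG_HDR
    # Every fragment except the last must carry a multiple of 8 bytes.
    chunk = (pmtu - overhead) // 8 * 8
    sizes, remaining = [], datagram
    while remaining > 0:
        take = min(chunk, remaining)
        sizes.append(overhead + take)
        remaining -= take
    return sizes


if __name__ == "__main__":
    for family in (4, 6):
        print(f"IPv{family}: largest unfragmented DNS payload = "
              f"{max_unfragmented(family)} bytes")
    for name, size in SAMPLES:
        for family in (4, 6):
            pkts = packet_sizes(size, family)
            state = "fragmented" if len(pkts) > 1 else "single packet"
            print(f"{name:<16} {size} bytes IPv{family}: {state} {pkts}")
```

With these assumptions the smallest entry in the list (dk., 1459 bytes) fits in one IPv4 packet but not one IPv6 packet, which matches "nearly all" for IPv4 and "all" for IPv6.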
