On 11/13/17, 21:15, "DNSOP on behalf of Paul Wouters" <dnsop-boun...@ietf.org 
on behalf of p...@nohats.ca> wrote:

>> I'm not sure that the need for robustness outweighs the expectation of 
>> someone explicitly adding a trust anchor anymore.

>But that’s not your call to make, but the call of the entity deciding to put 
>in that hard-coded trust anchor.

To clarify, the "robustness" was the goal of the protocol design leading up to 
the 2004 publication of the current DNSSEC definition; it's not a call anyone 
is making now.

The goals of robustness, local policy, and other factors fed into the current 
design.  How these, sometimes conflicting, objectives were weighted was 
subjective and with more 20/20 hindsight, perhaps the weightings were wrong.
    
>We just ask you not to block us from doing as we have been doing for years.

I don't know how to take this - what's being discussed is the way the protocol 
was designed in the past versus how implementations have chosen to go.  In the 
spirit of code trumps spec, then specifications need to catch up if there's a 
deviation.

>I would like split-DNS to die too but I don’t think that’s happening soon.

Arguing split-DNS would be another thread; I want to clarify that the "too" in 
your quote shouldn't implicate anything I've said about split-DNS meaning I 
wished it to "go away". (I.e., I see split-DNS as a reality.)


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
