On 13 Mar 2018, at 11:22, Ted Lemon <mel...@fugue.com> wrote:
> On Mar 13, 2018, at 11:16 AM, Joe Abley <jab...@90.212.199.in-addr.arpa> wrote:
>> I think that if Tony can be d...@dotat.at, surely I can be
>> A zone is a zone. ARPA is only special by convention, not by protocol.
> Thinking through the threat model here, when would this even work?

The canonical service that is difficult to use (or at least bootstrap) by name
rather than address is the DNS. If we imagine the intersection of the DNS and
TLS to be non-zero, there's your use case. This was Paul's point.

DNS resolvers are normally referred to by address. This does imply a need for
address stability, and a lack of the kind of agility that is possible in other
services. People who have renumbered popular resolvers whose failure has real
end-user impact are nodding right now. And possibly checking their pockets for
DNSOP mailing list