On 13 Mar 2018, at 11:22, Ted Lemon <mel...@fugue.com> wrote:

> On Mar 13, 2018, at 11:16 AM, Joe Abley <jab...@90.212.199.in-addr.arpa> wrote:
>> I think that if Tony can be d...@dotat.at, surely I can be jab...@90.212.199.in-addr.arpa.
>> A zone is a zone. ARPA is only special by convention, not by protocol.
> Yup.
> Thinking through the threat model here, when would this even work?

The canonical service that is difficult to use (or at least bootstrap) by name 
rather than address is the DNS. If we imagine the intersection of the DNS and 
TLS to be non-zero, there's your use case. This was Paul's point.

DNS resolvers are normally referred to by address. This does imply a need for 
address stability, and a lack of the kind of agility that is possible in other 
services. People who have renumbered popular resolvers whose failure has real 
end-user impact are nodding right now. And possibly checking their pockets for 
DNSOP mailing list