On 04/03/2019 23:03, Wes Hardaker wrote:
> Hmmm.. very interesting idea, but I'm having a hard time seeing how this will be used in the real world in a scalable and interoperable way.
The use cases on the open internet are probably less interesting than those where client and server have a more tightly coupled relationship.
The problem with a generic mechanism like this for DNS is that the number of clients per server is potentially gigantic. And there is often not a documented relationship or even a known contact mechanism to signal changes taking place. This all makes communication of agreed-upon semantics of bits not exactly impossible, but likely somewhere between difficult and extremely difficult. And misconfiguration could potentially be dangerous, depending on the meaning of the bits. Imagine if the new bit for some flipped software suddenly switched to "I trust MD5, go ahead and believe MD5 DS records".
I suggest that I add a sentence or two about applicability, constraining it to those where the client has tight coupling (be that topologically or contractually) to a particular set of servers.
Ray

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
