On 14. 03. 26 5:44, Felix Linker wrote:
Hi everyone,
I'm new to the dnsop list, so maybe I miss some context. Reading the
draft, a more general question occurred to me.
The abstract mentions that a lack of good upper may lead to
vulnerabilities. But the draft itself then proceeds to list the limits
of unbound, bind 9, and limits imposed by different standards whereas I
would have expected some recommendations on upper limits.
So is the purpose of the draft to make recommendations or to list
existing limits to share information? And have these limits been
evaluated somewhere (e.g., which limit is supposed to help against which
class of vulnerabilities, their effect on benign traffic, and similar?
I think it is good to set expectations correct. If we are going to
actually set hard limits into stone (which I'm personally not sure if
feasible) we are looking at years of work.
Phase one is certainly to map what limits are out there in the wild
(which is what the draft currently has).
Second is to evaluate impact.
Third is to set limits, if we can possibly agree on any.
In other words, you are completely right :-)
--
Petr Špaček
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
