Re: DNSSEC architecture vs reality

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "The IETF List" <ietf@xxxxxxxx>
Subject: Re: DNSSEC architecture vs reality
From: Patrik Fältström <paf=40frobbit.se@xxxxxxxxxxxxxx>
Date: Tue, 13 Apr 2021 12:16:29 +0200
In-reply-to: <5DFC979A-7641-49B2-A2F4-81F737790C6D@cisco.com>
References: <YHN5ObR0eqea8Mrc@straasha.imrryr.org> <CABrd9SRdw9baHD5-j9nz4Zv5JjfL35TgaTvS787orEyGxZdKzA@mail.gmail.com> <YHOAzeOj1JaGdmsO@straasha.imrryr.org> <5e91c054-5935-df07-e8ba-09cc78f6c950@network-heretics.com> <YHPSP8Kij2K4v7qQ@straasha.imrryr.org> <82c5fcc6-b419-6efb-b682-b5dbb32905e2@network-heretics.com> <585D8590-472B-4CBC-8292-5BE85521DD76@gmail.com> <a6545baf-b15e-3690-d7b5-be33c4078e02@mtcc.com> <20210412221435.GV9612@localhost> <0755b70e-cc8e-3404-73cd-51950b3d7e53@mtcc.com> <20210412222748.GW9612@localhost> <26BBCA02-AC18-476B-926E-9AC37A7FBBE2@depht.com> <8C8A4B56-6B8C-4D53-965C-07CE636E3FB9@frobbit.se> <5DFC979A-7641-49B2-A2F4-81F737790C6D@cisco.com>

On 13 Apr 2021, at 11:56, Eliot Lear wrote:

> My conclusion: why choose?  Both validation AND signing is a problem, especially if we do not want to encourage market concentration.

Because doing signing is viewed as a cost, and there must be a benefit in doing the signing. This is why validation must come first. The cost is low, and you have to do it in relatively few places (the large access providers). So easier to convince them than the ones that are to start signing zones (which is more work).

   Patrik

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: DNSSEC architecture vs reality
  - From: Masataka Ohta

References:
- Re: Quic: the elephant in the room
  - From: Viktor Dukhovni
- Re: Quic: the elephant in the room
  - From: Ben Laurie
- Re: Quic: the elephant in the room
  - From: Viktor Dukhovni
- DNSSEC architecture vs reality (was: Re: Quic: the elephant in the room)
  - From: Keith Moore
- Re: DNSSEC architecture vs reality (was: Re: Quic: the elephant in the room)
  - From: Viktor Dukhovni
- Re: DNSSEC architecture vs reality
  - From: Keith Moore
- Re: DNSSEC architecture vs reality
  - From: Petite Abeille
- Re: DNSSEC architecture vs reality
  - From: Michael Thomas
- Re: DNSSEC architecture vs reality
  - From: Nico Williams
- Re: DNSSEC architecture vs reality
  - From: Michael Thomas
- Re: DNSSEC architecture vs reality
  - From: Nico Williams
- Re: DNSSEC architecture vs reality
  - From: Andrew McConachie
- Re: DNSSEC architecture vs reality
  - From: Patrik Fältström
- Re: DNSSEC architecture vs reality
  - From: Eliot Lear

Prev by Date: Re: DNSSEC architecture vs reality
Next by Date: Re: DNSSEC architecture vs reality
Previous by thread: Re: DNSSEC architecture vs reality
Next by thread: Re: DNSSEC architecture vs reality
Index(es):
- Date
- Thread

[Index of Archives] [IETF Annoucements] [IETF] [IP Storage] [Yosemite News] [Linux SCTP] [Linux Newbies] [Mhonarc] [Fedora Users]