On 4/21/21 11:03 AM, Christian Huitema wrote:
The meta question is whether that is so off topic that it needs to be
officially shut down with the working group chairs. The technical
merits are what they are. What I was told in no uncertain terms is
that I am not allowed to even ask the question. Is that appropriate?
There are a couple of topics that would be clearly appropriate for the
QUIC working group. A document describing your experience deploying
QUIC+DANE, for example, would be on topic. If there are issue
preventing mutually agreeing clients and servers from using QUIC and
DANE, that too would be very much on topic. On the other hand, your
latter posts focused on the development of the Chrome browser, its
level of support for DANE, and Google's willingness to deploy DNSSEC
in their domains. That very much off topic for the QUIC WG.
The reason I wrote my post is precisely because I *don't* have the
resources to do such an experiment, and even if I had all of the code
and signed domain my experience would be anecdotal at best. Only one of
the big browser vendors could meaningfully run such an experiment. The
overarching problem here though is *where* is the appropriate venue to
ask questions or make observations? I got told to go elsewhere, well
where is this "elsewhere" precisely?
That said, one of the interesting things coming out of this is that
maybe there really are some fundamental issues surrounding DNSSec
deployment. Why have none of the browser vendors signed their zones?
Mike