RE: Stupid NAT tricks and how to stop them.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/27/06 at 11:38am -0800, Hallam-Baker, Phillip <pbaker@xxxxxxxxxxxx> wrote:
>
> People can dispute opinions but not facts. The fact is that it has taken far
> too long to deploy DNSSEC.

Just a nit, as I can't really disagree with your assertion (nor can I
necessarily agree with it, as I haven't been involved with DNSSEC), but:

The words "too long" flag your statement as an opinion, not a fact.  The
fact that you assert a statement is a fact doesn't necessarily make it so.

-Scott

> From: Keith Moore [mailto:moore@xxxxxxxxxx] 



> > > maybe this is because "protocol purity zealots" take a long term 

> > > view and want to preserve the flexibility of the net "market" to 

> > > continue to grow and support new applications, whereas the NAT 

> > > vendors are just eating their seed corn.

> > 

> > Your long term view is irrelevant if you are unable to meet 

> short term 

> > challenges.

> 

> very true.   but at the same time, it's not enough to meet short term

> challenges without providing a path to something that is 

> sustainable in the long term.



Which is why abdicating responsibility for meeting short term challenges is

so detrimental.



DNSSEC has been held up unnecessarily for five years because successive WG

chairs have failed to understand the urgency of certain critical deployment

issues.



I would also like the IAB to take a pro-active role of telling WGs that

certain requirements are essential for deployment. In the case of DNSSEC the

privacy issue of stopping zone walking is essential if there is going to be

forward progress, as is the requirement that the cost of turning on DNSSEC

on a resolver be proportional to the security value, ie. Proportional to the

number of signed zones. Blocking the technology required to address two

issues has held up DNSSEC for five years.



People can dispute opinions but not facts. The fact is that it has taken far

too long to deploy DNSSEC. 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________



Ietf@xxxxxxxx

https://www1.ietf.org/mailman/listinfo/ietf

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]