Steve Crocker wrote:
[As entertainment for the audience, I am sure everyone will enjoy seeing
my brother and I take opposite sides in this discussion. Enjoy ;) ]
...
There are three distinct elements of what's being planned.
...
Russ's note initiated discussion of this last piece without setting the
context with the first two pieces. Let me say a few words about each
piece.
...
In line with David's note, there are indeed a lot of details to cover,
including explanatory notes on how end systems need to be configured to
ask for signed responses. measurements, etc., etc. All normal stuff and
all part of what we are more than capable of doing all the time.
Steve, et al,
Damn. Given your opening, I was hoping for something a little more
entertaining. Especially since the only "side" my note was intended to take was
to observe the stated objections and suggest moving into a project-planning
mode, so that debate was about concrete details.
What you've done is to agree that there are quite a few details. As you note,
the mailing list didn't yet have the context to be aware that, apparently, many
are already in place.
So I'd class your note as a follow-through of mine, rather than opposing it...
Reference to signing ietf.org suggests that the intent is to limit the
experiment to operation within the ietf.org domain name. But since you and
others have refereed to other branches that are signed, I assume more elaborate
scenarios are intended to work.
That is, since we know that the full DNS tree isn't signed, I assume that there
are constraints on the scenarios that can be tested.
What are they?
And in line with your final paragraph, we do need details for the many client
platforms: linices, windows, and mac platforms... and maybe some of the mobile
ones, such as WM7, Android, ...?
A quick google for windows dnssec produces no useful points high in the sequence.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf