At Tue, 15 Nov 2016 04:21:05 +0100 (CET), Ondřej Surý <ondrej.s...@nic.cz> wrote:
> > I'm not sure how you can be so sure about the author's assumption when
> > the draft itself doesn't explicitly clarify the assumption (maybe
> > based on an off-list conversation with Fujiwara-san?), but if that's
> > actually the assumption, the current draft text is IMO so confusing
> > and misleading. In that sense I'm with Bob and Stephan, and the draft
> > should be much clearer on the assumption.
> >
> > And IMO, with the assumption *corrected*, the draft's recommendation
> > becomes even less convincing to me.
>
> True, those are my assumptions about the draft based on the real world
> experiences about the general mess that DNS usually is and experiences
> with implementing a DNSSEC-validating resolver that has to cope with
> such mess.
>
> Therefore my view is that the resolvers cannot make any assumptions that
> anything in the DNS is *correct*, but only that it's as good as it gets
> and try hard to fulfill the original query.
>
> I generally think that we should improve the DNS if the overall outcome
> will be a better protocol (in any of stability, determinism, reliability,
> resilience, add your own...) even if it attacks or changes the existing
> paradigms without breaking existing deployments (to a limit).

Okay, in that sense I believe we are basically on the same page, even
if we may disagree on some specifics. I also have real world
experiences where dogmatic application of what's written in RFCs
doesn't really work well and I agree this is one such case. I also
think draft-fujiwara-dnsop-resolver-update-00 is a good start. It's
just that the initial version of it is so misleading (and perhaps
partly as a result of that) the recommendations aren't very
persuading.

--
JINMEI, Tatuya