Davey Song wrote:
If any operator would like to implement SWILD without DNSSEC or NAT44
without IPv6, It's OK. It maybe a good solution in their network for
their custormer. I do know many people and solutions walk around DNSSEC,
IPv6 (due to IPsec) and TLS for surveillance issues. But IETF as a
worldwide standard body has its position on the technical path towards a
better Internet.
agreed. and, see also:
https://mailarchive.ietf.org/arch/msg/ietf-announce/ObCNmWcsFPNTIdMX5fmbuJoKFR8
noting that DNSSEC isn't a form of confidentiality, the general spirit
of the IAB's position as linked above, supports a co-goal of end-to-end
authenticity. i see no reason to expend community development effort, or
to add complexity costs, on alternatives in whole or in part to DNSSEC,
unless it's a complete replacement protocol, or complete abandonment of
the goal itself.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
