Paul Vixie wrote:
we should make the best case we can for the positions we hope the WG
will adopt, and answer any questions or misunderstandings of those
positions during any subsequent debate.
OK.
for example, here is my
statement on the quality and utility of DNSSEC, along with others':
https://dnssec.net/why-deploy-dnssec
That page is dated before diginotar (2011), when almost all, if not
all expect me, believed PKI were cryptographically secure.
That is, that a false statement of "PKI is cryptographically secure"
was a reason acceptable by most why DNSSEC should be deployed.
Note that, that page titled as "DNSSEC Advantage: Reasons for
deploying DNSSEC" is rather an operational proof that most people
did not and still are not interested in DNSSEC, primarily because
its operational complexity caused by lack of cryptographic security.
here, you demonstrate a commitment to nonconstructive commentary
> ("obviously impossible for poor IPv6 and LISP")
As I wrote to Suzanne Woolf;
: Recognizing unproductive protocols such as DNSSEC as unproductive
: protocols is, though may be to your surprise, productive.
nonconstructive commentary on nonconstructive protocols is rather
constructive.
Moreover, that IPv4 with NAT is better than IPv6 is a constructive
statement.
Similarly, in my first message of the thread, I wrote:
> Constructive thing to do to make DNS secure is to totally abandon
> DNSSEC and rely on DNS cookie or something like that.
That is, "totally abandon DNSSEC and rely on DNS cookie or something
like that." is a constructive proposal.
Masataka Ohta
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
