Peter Saint-Andre wrote:
Actually, I mostly disagree with the "removed requirement for the
Receiving Server to close the stream if the dialback key is invalid"
stuff. From the security POV, why should the receiving server not
terminate the stream?

Because, from the performance point of view, it doesn't want to discard
the 10,000 valid domains it already supports on that stream. That's a

The average stream has probably one domain pair. Do you want me to make a simple extrapolation of the power law to demonstrate that most domains will not even have 500 domain pairs?

huge cost to impose on the server just because the 10,001st domain has a
DNSSEC problem. For traditional dialback the force-close requirement is
fine. For dialback as used for domain name assertions with DNSSEC it
seems too strong to me.

If DNSSEC is used, when does the receiving server ask the authoritative server to verify a dialback key?

If it never uses dial-back, why should the receiving server send 'invalid' instead of 'error'?

And you might still generate valid dialback keys for dialback-with-dnssec to avoid that problem.
