This is a discussion on Re: dictionary attack on nameservers - DNS ; --On 17 August 2004 23:00 +0100 Jim Reid wrote: > Alex> I do not see how working to solve zone enumeration is going > Alex> to delay deployability, as if those who think it isn't a > Alex> problem are ...
--On 17 August 2004 23:00 +0100 Jim Reid
> Alex> I do not see how working to solve zone enumeration is going
> Alex> to delay deployability, as if those who think it isn't a
> Alex> problem are correct (and we are wrong), then it will get
> Alex> deployed notwithstanding our views.
> Can you say opt-in? That was the last big controversial issue in the
> DNSSEC protocol development effort. It took ~2 years for the WG to
> kill that idea.
That was /before/ DNSSEC-bis was sent to the IESG. I thought the point of
sending it to the IESG was that people in general felt it was deployable
now (as do I, in certain circumstances, and indeed DLV widens those
circumstances considerably). I thought the whole point of the debate
as to whether the w/g should reach consensus to send DNSSEC-bis to the
IETF was so as not to delay deployment whilst the w/g worked on the
question of whether to / how to solve some additional issues that had
been raised, primarily enumerability. If you thought enumerability
was going to delay deployment, notwithstanding DNSSEC-bis having been
sent to the IESG without any fix, why send it?
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.