[dns-operations] thoughts on DNSSEC

Andrew Sullivan ajs at anvilwalrusden.com
Wed Jul 18 18:14:15 UTC 2012


On Wed, Jul 18, 2012 at 06:03:32PM +0000, Vernon Schryver wrote:

> How does a prospective customer check a registrar's interface without
> doing something approaching reality like registering a throw-away name?

You can't at initial registration, I agree.  But you can transfer away
once you're there, and if you're unhappy with the service that's the
thing to do.  Or anyway, that's the way the "RRR" model is set up.  I
have reservations about it, too, but given that framework this is
really the only way to make things go.

> Worse, not only could "send mail" be better in theory than web forms,

I cannot see even possibly in the case we are talking about how "send
mail" is going to be better.  In the case of a botched DS record,
there is every reason to believe that you're not going to be able to
send mail at all, because every sane mail system on the network now
refuses mail from any domain that cannot be looked up in the DNS.
Today, of course, that test doesn't extend to DNSSEC validation, but
I'd like to think that it will in future.  Moreover, a web application
at least has a hope of authenticating that the registrant of the name
is actually sending the command.  Without ancillary systems, the same
cannot be said of a mail message; and if we're going to be using
ancillary systems, we might as well fall through to ones that we
already have experience deploying.

> you can't tell whether web forms are sugar coatings on dung worse than
> typical "send mail" without a lot more than an initial registration

Well, yeah, of course, but that's just a special case of the generic
"this registrar sucks" problem.

> >                 The ICANN pages are surely a good place to start, but
> > only to start.
> 
> I think that overstates the value of the ICANN page.

By "the ICANN page" we're both talking about
https://www.icann.org/en/news/in-focus/dnssec/deployment, right?
Because I note that neither Network Solutions nor Tucows are listed
there.

Best,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com


