[dns-operations] unfounded showstopper assertions

Mark Andrews marka at isc.org
Mon Mar 6 21:25:23 UTC 2017

In message <065CE0C6-C59C-4757-A07F-00CAF6B20CD3 at rfc1035.com>, Jim Reid writes:
> > On 6 Mar 2017, at 20:05, Phillip Hallam-Baker <phill at hallambaker.com>
> wrote:
> >
> > I have never ever encountered a situation in which an employee of
> company X has said that 'Y is a show stopper issue for us, we cannot
> deploy unless it is addressed' and company Y has subsequently deployed.
> You must have been elsewhere during the DNSSEC protocol war 10-12 years
> ago.
> Back then various employees, managers and board members of several TLD
> registries said they would never deploy DNSSEC unless the IETF found a
> solution to their zone enumeration concerns. This was a showstopper for
> them. ISTR those very words being used at that time too. At least one
> registry went ahead and deployed DNSSEC-bis (zone enumeration included),
> securing their TLD without waiting a further 5 years or so until
> DNSSEC-ter was ready. Theyre still using DNSSEC-bis today.
> However that existence proof is just detail.
> Its simply absurd for you to assert that if company X says foo is a
> showstopper for us, that automatically makes foo a showstopper for
> company Y. One companys showstopper is by definition another companys gap
> in the market or business opportunity.

But in DNSSEC that assertions were we won't sign because ... and
DNSSEC doesn't require that everyone sign.

In reality you can't prevent tlds being enumerated for active
domains.  You look at resolver traffic from many places to build
up a database of active names.  We said that at the time and it is
reality today.

Now not having a NSEC record for every delegation still helps
somewhat for some TLD.


> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list