To:
Alexis Yushin <alexis@nlnetlabs.nl>
cc:
James Aldridge <jhma@KPNQwest.net>, Jim Bound <seamus@bit-net.com>, Matt Crawford <crawdad@fnal.gov>, ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
Paul A Vixie <vixie@vix.com>
Date:
Tue, 07 Aug 2001 09:00:29 -0700
In-Reply-To:
Message from Alexis Yushin <alexis@nlnetlabs.nl> of "Tue, 07 Aug 2001 16:23:52 +0200." <200108071423.f77ENqd68433@open.nlnetlabs.nl>
Sender:
owner-dnsop@cafax.se
Subject:
Re: (ngtrans) Joint DNSEXT & NGTRANS summary
> I see a big difference between deprecating/moving to historic and changing > status to experimental. Experemental implies further development. I don't see that difference here. Just as "let's let the market decide" really just means "let's do whatever Microsoft wants", so it is that "let's make it experimental" really just means "let's move on." (I find it amusing that SRV was experimental but that Microsoft's use of it pulled it forward.) I was not able to be in London, but had I been there my comments would've been: Let's not expect stub resolvers to do the caching necessary to understand either A6 or SIG/KEY -- those are things which servers ought to use to talk to other servers. Stub resolvers making recursive requests of their name servers should be using AAAA and TSIG. AAAA synthesis of underlying A6, and TSIG to protect verified KEY/SIG data for the last mile, is all a client needs. Every argument against SIG/KEY or against A6 comes down to either the caching problem or the complexity problem, and if we insulate the end-stations from those problems, the arguments are reduced to things which authority-side tools can be made to cope with. Hopefully this point was made by somebody.