Re: (ngtrans) Joint DNSEXT & NGTRANS summary

[Johan Ihren <johani@autonomica.se>]

Paul A Vixie <vixie@vix.com> writes:

> > I see a big difference between deprecating/moving to historic and changing
> > status to experimental. Experemental implies further development.
> 
> I don't see that difference here.  Just as "let's let the market decide"
> really just means "let's do whatever Microsoft wants", so it is that "let's
> make it experimental" really just means "let's move on."  (I find it amusing
> that SRV was experimental but that Microsoft's use of it pulled it forward.)
> 
> I was not able to be in London, but had I been there my comments would've been:
> 
> 	Let's not expect stub resolvers to do the caching necessary to
> 	understand either A6 or SIG/KEY -- those are things which servers
> 	ought to use to talk to other servers.  Stub resolvers making
> 	recursive requests of their name servers should be using AAAA and
> 	TSIG.  AAAA synthesis of underlying A6, and TSIG to protect
> 	verified KEY/SIG data for the last mile, is all a client needs.
> 	Every argument against SIG/KEY or against A6 comes down to either
> 	the caching problem or the complexity problem, and if we insulate
> 	the end-stations from those problems, the arguments are reduced to
> 	things which authority-side tools can be made to cope with.
> 
> Hopefully this point was made by somebody.

It was made, but not as succinctly. However, AAAA synthesis was mostly
presented as a transition mechanism leading towards an A6-only future.
I think that is a mistake and what worries people who are satisfied
with their working AAAA-based stub resolver.

Your point (in another mail) about renumbering as a defence againg
being locked in by your provider was definitely not made.

Johan Ihren
Autonomica