To:
"Paul A Vixie" <vixie@vix.com>, "Alexis Yushin" <alexis@nlnetlabs.nl>
Cc:
"James Aldridge" <jhma@KPNQwest.net>, "Jim Bound" <seamus@bit-net.com>, "Matt Crawford" <crawdad@fnal.gov>, <ngtrans@sunroof.eng.sun.com>, <namedroppers@ops.ietf.org>, <ipng@sunroof.eng.sun.com>, <dnsop@cafax.se>
From:
"Christian Huitema" <huitema@windows.microsoft.com>
Date:
Thu, 9 Aug 2001 01:31:28 -0700
Content-Class:
urn:content-classes:message
Sender:
owner-dnsop@cafax.se
Thread-Index:
AcEfWwy/zFjVYjC5SA+Uh2Qc7kfPqwBUib7B
Thread-Topic:
(ngtrans) Joint DNSEXT & NGTRANS summary
Subject:
RE: (ngtrans) Joint DNSEXT & NGTRANS summary
Paul, Just for the record -- Microsoft as a corporation did not try to sway this issue one way or the other; individual IETF contributors who happen to work for Microsoft have various opinions in this debate. OTOH, we are shipping software, and we would really want the debate to be resolved very soon. -- Christian Huitema -----Original Message----- From: Paul A Vixie [mailto:vixie@vix.com] Sent: Tue 8/7/2001 9:00 AM To: Alexis Yushin Cc: James Aldridge; Jim Bound; Matt Crawford; ngtrans@sunroof.eng.sun.com; namedroppers@ops.ietf.org; ipng@sunroof.eng.sun.com; dnsop@cafax.se Subject: Re: (ngtrans) Joint DNSEXT & NGTRANS summary > I see a big difference between deprecating/moving to historic and changing > status to experimental. Experemental implies further development. I don't see that difference here. Just as "let's let the market decide" really just means "let's do whatever Microsoft wants", so it is that "let's make it experimental" really just means "let's move on." (I find it amusing that SRV was experimental but that Microsoft's use of it pulled it forward.) I was not able to be in London, but had I been there my comments would've been: Let's not expect stub resolvers to do the caching necessary to understand either A6 or SIG/KEY -- those are things which servers ought to use to talk to other servers. Stub resolvers making recursive requests of their name servers should be using AAAA and TSIG. AAAA synthesis of underlying A6, and TSIG to protect verified KEY/SIG data for the last mile, is all a client needs. Every argument against SIG/KEY or against A6 comes down to either the caching problem or the complexity problem, and if we insulate the end-stations from those problems, the arguments are reduced to things which authority-side tools can be made to cope with. Hopefully this point was made by somebody.