On Mon, Sep 01, 2008 at 03:24:25PM +0200, JFC Morfin wrote:
I blame no one. I just infer from your semantic (and side echoes from ccNSO) that the actual purpose is not technical validation but production, while production implies much more than technical validation.
I like to use the existing testbed for a two week production grade test over the Cairo meeting. Consider it as a testbed, too. This does not mean, that all root servers out there got be signed in those days, but the recursive server at the meeting do the validation with the testbed servers.
DNSSEC is one of the current activities of ICANN and therefore a current matter for ALAC. One might ask if DNSSEC is too urgent for AtLarge, the ALSes, and the users out there. Because AtLarge should guide the process, the ALSes should think about this subject. That's why I like to have a track on the summit.
This is correct. However, my question is for the ALAC (on behalf of the users) to decide first that DNSSEC / EDNS0 and NSEC3 is the way to go, technically, strategically and politically wise.
Yes, that should be discussed.
The role of an advisory committee is to just that, not to copy others' positions. In the process ALAC should also come with additional DNSSEC deployment advises about the user side and the global consistency.
Ack.
For example, I raised the question at the IETF/WG-IDNABIS of the DNSSEC + IDN + IDNccTLD datagram size. When you consider the real status of the Internet (http://www.caida.org/workshops/wide/0801/slides/castro-ditl_comparison.pdf) you see that the EDNS0 proportion decreases.
The reason might be simple: DNS servers does not use EDNS0 by default anymore, only when needed. And they turn off EDNS0 per server, if any error occured. I would not claim that EDNS0 support decreased.
Of course. Unbound is sponsored by Verisign and the code was written by the big, bad, and ugly NSA agents. ... Sorry, please let keep us on safe grounds.
If this is your position I leave it to you. If it is supposed to a joke at mine, I afraid you are totally out target :-)
I forgot to add an irony ascii-art, sorry.
That's why the introduction of DNSSEC is much easier than any IPv6 rollout.
As Euralo we have no Chinese user online. It would be interesting to know from them. Or from Comcast.
Why do you look far away? Why do you not accept experience from others? What do you expect? http://www.ipv6council.de/events/german_ipv6_summit/programme.html http://www.guug.de/veranstaltungen/ecai6-2007/abstracts.html