Re: wildcards, dnssec, and opt-in

[Edward Lewis <edlewis@arin.net>]

At 9:38AM -0700 9/18/02, David Conrad wrote:
> want DNSSEC.  What I take Phill's comments to mean is that Verisign is not
> willing to take the risk.
I don't mean to pick on my esteemed colleague quoted above, but let's 
drop picking on business models and the motivation behind deploying 
DNSSEC.  Let's instead get out hands on code that will let us look at 
our own personal "corner cases" to see just how (bad/painless/good) 
opt-in is.  I would think this is an action item from the proponents 
of the change.

Besides my FUD over wildcards and DNSSEC (and FUD it is as I can't 
test it), I have FUD over how an application might interpret the 
results of an opt-in impacted response.  I'm not saying "it ain't 
gonna work," I'm saying "I can't tell right now."

To the proponents of opt-in, don't take my (or others') skepticism as 
an unwillingness to adopt it.  Naturally, any change to a system that 
is in operation will be looked at suspiciously until it becomes clear 
the change is beneficial.  Scientists and engineers are naturally 
skeptical - new theories are only immediately adopted by trade rags 
and supermarket tabloids.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                          +1-703-227-9854
ARIN Research Engineer


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>