From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 2CF9D21F351 for ; Fri, 9 May 2014 08:15:31 -0700 (PDT) Received: by mail-wg0-f42.google.com with SMTP id y10so4021108wgg.25 for ; Fri, 09 May 2014 08:15:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XkT9rz3rwXyb1EHJCjiW9JOKFuCaURptOwMOqSPlZuY=; b=k2HEzSuSlIkjN500gQYgfhbSyoATfoLGEhXA5uLtZbGzdSfSv05qZwyMmgynvuvKly zGs5UXP48KxDF9tRCZrTYjRRw2+w6LDBucR9fU61nVExJjWFuh6OqClwqfpSFE8HHBYQ l4RnhF2zC2FE05whVGF0CTkqqF09jok2WurRn14/OayXJ7eYZ9i3SkBWZ2pzLP3AWOxs kFWOy38/KAgW2IrVzo1YxwVnT5DDbz4gNbWJNvspcvpZ94D5MIDe2yMEUML8Aj1Wl68p TsFw6R0uI/gberedI/llSthCPfaA82DMfYkEZIu1HDZBiKDBFmc5zsev4e8WJxTbEvZ9 84VQ== MIME-Version: 1.0 X-Received: by 10.180.14.233 with SMTP id s9mr3790431wic.53.1399648529111; Fri, 09 May 2014 08:15:29 -0700 (PDT) Received: by 10.216.207.82 with HTTP; Fri, 9 May 2014 08:15:29 -0700 (PDT) Received: by 10.216.207.82 with HTTP; Fri, 9 May 2014 08:15:29 -0700 (PDT) In-Reply-To: References: Date: Fri, 9 May 2014 08:15:29 -0700 Message-ID: From: Dave Taht To: Maciej Soltysiak Content-Type: multipart/alternative; boundary=f46d040fa03c635fcb04f8f9117c Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] "DNSSEC considered harmful" X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 May 2014 15:15:31 -0000 --f46d040fa03c635fcb04f8f9117c Content-Type: text/plain; charset=UTF-8 As issues with any new technology go that's a fairly trivial list when compared to heartbleed or the spam filled swamp that email is. I have a fairly long list of everything that is majorly wrong with the internet that is worth working on I guess I should publish somewhere. While I am unhappy negative proofs didn't work very well and it looks like some sort of whitelist is needed to deal with broken on dnssec sites like bankofamericas, I still view the benefits as outweighing the negatives. On May 9, 2014 12:16 AM, "Maciej Soltysiak" wrote: > Hi, > > I read a twitter conversation last night where somebody said DNSSEC is > harmful. I asked why and I got this littany of issues: > http://ianix.com/pub/dnssec-outages.html > > I was blown away not only by the sheer evidence of outages, but especially > by the quotes in last sections: Miscellaneous and What a mess. > > I don't know, have a look, I just wanted to share as I wasn't aware of > things that didn't go well with DNSSEC. I'm not suggesting anything re > Cerowrt here. > > Best regards, > Maciej > > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > --f46d040fa03c635fcb04f8f9117c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

As issues with any new technology go that's a fairly tri= vial list when compared=C2=A0 to heartbleed or the spam filled swamp that e= mail is.

I have a fairly long list of everything that is majorly wron= g with the internet that is worth working on I guess I should publish somew= here.

While I am unhappy negative proofs didn't work very well= and it looks like some sort of whitelist is needed to deal with broken on = dnssec sites like bankofamericas, I still view the benefits as outweighing = the negatives.

On May 9, 2014 12:16 AM, "Maciej Soltysiak&= quot; <maciej@soltysiak.com&= gt; wrote:
Hi,

I read a twitter conversati= on last night where somebody said DNSSEC is harmful. I asked why and I got = this littany of issues: http://ianix.com/pub/dnssec-outages.html

I was blown away not only by the sheer evidence of outages, but e= specially by the quotes in last sections: Miscellaneous and What a mess.
I don't know, have a look, I just wanted to share as I wasn&= #39;t aware of things that didn't go well with DNSSEC. I'm not sugg= esting anything re Cerowrt here.

Best regards,
Maciej


_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.= bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

--f46d040fa03c635fcb04f8f9117c--