From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: tuhs-bounces@minnie.tuhs.org X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.1 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 237868f1 for ; Mon, 25 Jun 2018 16:42:02 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id C038CA17DF; Tue, 26 Jun 2018 02:42:01 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 091389E5BE; Tue, 26 Jun 2018 02:41:50 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 2F3AC9E5BE; Tue, 26 Jun 2018 02:41:47 +1000 (AEST) Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) by minnie.tuhs.org (Postfix) with ESMTPS id C14BD9E5BD for ; Tue, 26 Jun 2018 02:41:46 +1000 (AEST) Received: by sdaoden.eu (Postfix, from userid 1000) id 859691604A; Mon, 25 Jun 2018 18:41:45 +0200 (CEST) Date: Mon, 25 Jun 2018 18:41:53 +0200 From: Steffen Nurpmeso To: (Noel Chiappa) Message-ID: <20180625164153.8OSfj%steffen@sdaoden.eu> In-Reply-To: <20180624131458.6E96518C082@mercury.lcs.mit.edu> References: <20180624131458.6E96518C082@mercury.lcs.mit.edu> Mail-Followup-To: (Noel Chiappa) , tuhs@minnie.tuhs.org User-Agent: s-nail v14.9.10-138-gbb01f2b9-dirty OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs. Subject: Re: [TUHS] off-topic list X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: tuhs@minnie.tuhs.org Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" Noel Chiappa wrote in <20180624131458.6E96518C082@mercury.lcs.mit.edu>: |> On 06/23/2018 04:38 PM, Steffen Nurpmeso wrote: | |> Others like DNS are pretty perfect and scale fantastic. | |It's perhaps worth noting that today's DNS is somewhat different from the |original; some fairly substantial changes were made early on (although \ |maybe |it was just in the security, I don't quite recall). No.. not that i know? |(The details escape me at this point, but at one point I did a detailed \ |study |of DNS, and DNS security, for writing the security architecture document \ |for |the resolution system in LISP - the networking one, not the language.) It is basically still the same that Mockapetris designed, or it was like this in 2004..2005 at least. We have seen many new types and extensions and clarifications (many early after the DNS RFCs 1035+ were published, for example RFC 1122, "Requirements for Internet Hosts -- Communication Layers"), like EDNS to extend the DGRAM packet size and such, and then luckily someone from the IETF really waved through transport layer security for DNS, via TCP and also via DTLS, which made me really happy. (RFC 8310, and 7858 (TCP) and 8094 (UDP).) There were a lot of RFCs regarding zone transfer, i have to admit that i never read those, as i never had anything to do with the server side of DNS. But the DNS concept by itself scales still and is unchanged?!? I would expect that in the future more and more software becomes capable to follow chains of trust from zone to zone upwards, so that individual zones can use zone-specific TLS certificates, signed only by zones higher up the layer... or a member of the CA pool, the root zone is pretty much U.S.A., which is possibly a bit unfair. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)