From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: tuhs-bounces@minnie.tuhs.org X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.1 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 7c48f718 for ; Mon, 25 Jun 2018 13:04:50 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 269269EE05; Mon, 25 Jun 2018 23:04:49 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 01E269E5BD; Mon, 25 Jun 2018 23:04:01 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 99DCA9E5BE; Mon, 25 Jun 2018 23:03:59 +1000 (AEST) X-Greylist: delayed 1114 seconds by postgrey-1.35 at minnie.tuhs.org; Mon, 25 Jun 2018 23:03:58 AEST Received: from ppsw-31.csi.cam.ac.uk (ppsw-31.csi.cam.ac.uk [131.111.8.131]) by minnie.tuhs.org (Postfix) with ESMTPS id E95D79E5BD for ; Mon, 25 Jun 2018 23:03:58 +1000 (AEST) X-Cam-AntiVirus: no malware found X-Cam-ScannerInfo: http://help.uis.cam.ac.uk/email-scanner-virus Received: from grey.csi.cam.ac.uk ([131.111.57.57]:51882) by ppsw-31.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.137]:25) with esmtps (TLSv1:ECDHE-RSA-AES256-SHA:256) id 1fXQrx-000v3i-L3 (Exim 4.91) (return-path ); Mon, 25 Jun 2018 13:45:21 +0100 Date: Mon, 25 Jun 2018 13:45:21 +0100 From: Tony Finch To: Noel Chiappa In-Reply-To: <20180624131458.6E96518C082@mercury.lcs.mit.edu> Message-ID: References: <20180624131458.6E96518C082@mercury.lcs.mit.edu> User-Agent: Alpine 2.11 (DEB 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Re: [TUHS] off-topic list X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: tuhs@minnie.tuhs.org Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" Noel Chiappa wrote: > > It's perhaps worth noting that today's DNS is somewhat different from the > original; some fairly substantial changes were made early on (although maybe > it was just in the security, I don't quite recall). The key early changes were described in RFC 973 (1986): bigger TTLs, MX records, CNAME and wildcard clarifications. Next, I think, was NOTIFY / IXFR / UPDATE in 1996/7 which made the whole system (potentially) a lot more dynamic. RFC 2181 (also 1997) is important because it includes the standardized pre-DNSSEC answer to the 1990s cache poisoning attacks found by Bellovin and others. (Though I think a lot of this was put in place well before the RFC was published.) This greatly restricted the gossip protocol aspect of the DNS (records in the additional section). There was a lot of churn related to IPv6 easy renumbering, which has all been thrown away apart from DNAME. There was also a lot of churn around DNSSEC, going right back into the 1990s, which finally settled on what we have now by about 2008. Along the way they discovered a lot more unclarified edge cases in things like wildcards. DNSSEC turned the DNS into a somewhat half-arsed PKI. It could also allow implementations to bring back gossip, though there are performance and packet size constraints that make it tricky. The half-arsedness of DNSSEC is mostly related to the administrative aspects of registrations and transfers and so forth, which are frequently not very confidence-inspiring. Some of this is due to the way EPP works (and its predecessor the registry-registrar protocol), but it's mostly because there's no standard interface between domain owners, DNS operators, and registrars. (And registrars don't want one because it would commoditize them. There's probably a David Clark-style Tussle in Cyberspace case study in here somewhere.) Tony. -- f.anthony.n.finch http://dotat.at/ work to the benefit of all