Re: ETSI on Minimum Requirements for European ENUM Trials
- Date: Wed, 23 Oct 2002 18:59:43 -0700
On 10/23/02 12:20 PM, "Richard Shockey" richard@localhost wrote:
> So why isnt .COM .NET and .ORG signed? .UK .DE .US ???
"Signing large zones is painful" is the usual answer. "Business reasons"
(in particular, the lack of increased revenue justifying the additional
cost) and "because no one is asking for it" are also common responses.
Neither of these need apply in the case of ENUM trials.
I do not believe it would be prudent to give people the impression that
DNSSEC is optional for actual ENUM deployment.
> NO ... its probably talking out of class for here but IMHO it is WAY WAY to
> early to even suggest DNSSEC as part of any TRIAL... where are the client
> support ...in MS?
Client support is in validating caching servers, e.g. BINDv9 or other
servers. BINDv9 runs on Win32.
> and grossly complicate the basic ENUM services trial itself IMHO.
Compared to the complexity of NAPTR record parsing (or even reading the
RFCs), DNSSEC is easy... :-).
More seriously, the point (IMHO) of operational trials is to get an idea of
the operational issues people will face with deployment of technology. As
dealing with DNSSEC is an operational issue, it would seem to me to be
important to include this in any trial.
> Who says any one will "have" to use it in a production service.
Err. So, you are suggesting that telephone numbers be susceptible to
spoofing? I don't think this is a good idea. I don't think numbering plan
managers or telcos will either. I always assumed that DNSSEC would be
part-and-parcel of ENUM deployment.
> Yes .. I still agree that using BIND 9+ is a good requirement.
<commercial plug, apologies in advance>
There is at least one commercial DNS caching server that can out perform
BINDv9 by a factor of 5 and also do DNSSEC validation.
I wouldn't make using any version of BIND a requirement. Make the
functionality desired a requirement and let people pick and choose what
servers they want to meet those requirements.