[getdns-api] Discussion of *this* API proposal

Paul Hoffman paul.hoffman at vpnc.org
Tue Jan 22 10:12:07 MST 2013


On Jan 22, 2013, at 9:00 AM, Evan Hunt <each at isc.org> wrote:
> More substantively: embedded systems, in particular, may find it desirable
> not to replicate code or work, and may wish to take full advantage of a local
> cache; also, I can imagine situations in which an application developer
> could expect updates to be infrequent and wouldn't want to be stuck
> using an outdated or buggy crypto library.  Suppose ECDSA-signed DNS
> records come along and your resolver knows how to validate them but
> your application doesn't?  Security's always about tradeoffs.

This is a proposal for a specific DNS API aimed at the majority of current application development in the current DNS environment, not a generic universal DNS API. It makes some assumptions, and one is that if an OS/hardware combo cannot handle this API, there will be other APIs that might serve that combo better.

Maybe later (or even sooner), the developer community for embedded systems can make a different API that meets their restricted needs. If they do, it will be a hell of a lot smaller than this one, and it could probably just be an eviscerated version of this one. As the document says, this API will come out under a Creative Commons or BSD-ish license: spin-offs from this API will be easy.

--Paul Hoffman

