>> my guess is that they see dnssec as fragile, have not seen _costly_ >> dns subversion, and measure a dns outages in thousands of dollars a >> minute. > No one wants to be this guy: > http://www.dnssec.comcast.net/DNSSEC_Validation_Failure_NASAGOV_20120118_FINAL.pdf
so, to me, a crucial question is whether dnssec ccould be made to fail more softly and/or with a smaller blast radius? randy -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
