>>> my guess is that they see dnssec as fragile, have not seen _costly_
>>> dns subversion, and measure a dns outages in thousands of dollars a
>>> minute.
>> No one wants to be this guy:
>> http://www.dnssec.comcast.net/DNSSEC_Validation_Failure_NASAGOV_201201
>> 18_FINAL.pdf
>so, to me, a crucial question is whether dnssec ccould be made to fail more
>softly and/or with a smaller blast radius?
>randy
I'm more of a mail guy than DNS, so yes, like hard v. soft fail in SPF. Or
perhaps some way of the client side deciding how to handle hard v./ soft
failure.
Confidentiality Notice: This electronic message and any attachments may contain
confidential or privileged information, and is intended only for the individual
or entity identified above as the addressee. If you are not the addressee (or
the employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that you
may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or telephone
and delete this message from your system.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
