> > Well conceivably you could be in a situation where the roots validate,
> > but validation fails further down the chain, making that scheme fail in
> > weird and unpredictable ways?
>
> http://www.bortzmeyer.org/dns-routing-hijack-turkey.html
>
> ?

I was thinking more about the case where, say, the root server keys validate, but the keys further down the chain have been changed, and the clock is set to a time in the interval between the respective beginnings of validity time... I would think that could happen with no malicious intent way too often for the root keys to be a very useful heuristic to use...

-Toke

_______________________________________________
Cerowrt-devel mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/cerowrt-devel
