On Wed, Nov 14, 2012 at 11:53:56PM +0100, Leif Johansson wrote:
>
> > Does that make sense though? With RRSIG validity times and TTL's you
> > can set your "damage period" as small as you want. There is no issue
> > like with certificates where your credentials can be abused for up to
> > 12 months.
> You still need to detect the attack, right? DANE may help you mitigate
> the attack but it won't help you detect it.

Respected the DNSSEC "grand scheme of things" a relying party will definitely detect it, perhaps not the owner of the zone. Is that what you meant?

Fred
