Vernon,

On Aug 22, 2013, at 5:07 PM, Vernon Schryver <[email protected]> wrote:
> You get the status quo ante by simply turning off validation.

If the only solution to someone else screwing up signing is to turn off validation for all zones and the likelihood of someone screwing up signing scales with the number of folks signing, why bother ever turning validation on?

> On the contrary, NTA is a new tool for deliberately introducing new
> faults in the data you give your DNS clients. It is a tool for lying
> to your DNS clients with data that you swear is valid and signed but
> that you know is at best unsigned and quite possibly invalid or worse.

True. This is why I suspect corporate types will have hesitancy to use NTAs and wish to remove them as soon as possible.

Regards,
-drc
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
