Hiya, On 28/10/17 04:40, Daniel Kahn Gillmor wrote: > > Furthermore, i believe that the proposal in draft-11 of making DNSSEC > validation of metaqueries a MUST for the opportunistic profile is > *actively harmful* to the stated goal of the opportunistic profile > (i.e., "maximum chance of DNS service").
I just re-read the draft. I agree that requiring DNSSEC validation of anything to succeed when using the opportunistic profile is a bad plan. Requiring an attempt at DNSSEC validation is fine, but given only a small percentage of the DNS is signed, and DPRIVE won't IMO drive that to a much bigger figure, (or at least not for a long time) it makes no sense to put such a barrier in the way of use of opportunistic security. Cheers, S.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
