Paul Wouters <p...@nohats.ca> wrote: > > At the IETF, we have done a REALLY bad job at keeping secure DNS as an > optional feature. The more we treat it that way, the more others will > treat it that way. We should really do the opposite. DNS without DNSSEC > is legacy. It's irresponsible. It's vulnerable. It's being actively > abused. Upgrade your DNS. > > Then, you automatically get to AUTH servers having a DNSSEC based PKI. > You can give them a public key record type like TLSA, and do encryption. > You allow plaintext, and in 10-20 years we turn off plaintext.
+1 (and to the rest of the message too) Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Isle of Man: North or northwest, veering northeast for a time, 3 or 4, occasionally 5. Slight. Thundery showers, becoming mainly fair. Moderate or good, occasionally poor. _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy