On Mon, Mar 1, 2021 at 5:51 PM Eric Rescorla <[email protected]> wrote: > > On Mon, Mar 1, 2021 at 8:32 AM Paul Wouters <[email protected]> wrote: > >> DNS is not the web. DNSSEC already "pins" via the DS record in a >> hierarchical way with DNSKEYs. Adding another public key here is >> not that different. >> > > Given the low rate of DNSSEC deployment and the high rate of > misconfiguration > (https://dl.acm.org/doi/pdf/10.1145/3131365.3131373) I don't find this > particularly > encouraging. >
I tend to just ignore DNSSEC arguments. Whatever its merits, there must be something about DNSSEC that doesn't work. thanks, Rob
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
