As I post to DNSEXT ML,
I do love simple approaches.
However, in this case, the complexity is not in wildcard but in DNSSEC.
So, the proper question is
do we need DNSSEC?
and the reality is that we don't.
Just discard DNSSEC and move along.
I think secure DNS, with its complexity, is hard to deploy and is not worth the deployment effort.
Given that the security problem on small ID space is solvable (as was discussed recently with subject "preventing cache contamination"), do we still have to try to get secure DNS deployed (in vain)?
Masataka Ohta
