On Thu, 4 Sep 2008, Mark Andrews wrote:

> 
>       It's not an issue.  You remove the DS's which have that
>       algorithm then once they have expired from caches you can
>       remove the DNSKEY.

Of course, you can replay them, resulting in a DOS.  (I'll call 
this attack 6)

                --Dean


-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000   


_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
