On Sep 10, 2009, at 12:36 PM, Edward Lewis wrote:
Still, what it is attempting to do is within limits.
And within the limits of local policy, that's fine. What is simply
broken
is having that local policy have global impact.
The local policy of "trusting DLV" is not having a global impact,
just a local impact on the parties relying on the cache with that
policy.
Again, I am not objecting to people using DLV. I think it is ucky, but
that's just me. What I am objecting to is the suggestion made here
that _before a TLD that has submitted its keys to the ITAR rolls its
keys, it must notify the (potentially multiple?) folks who run a DLV
registry, of which the TLD may have no knowledge, who have harvested
ITAR data and wait_. That's just crazy talk.
There are multiple DNSSEC testbeds. Are you making use of them?
No - none have been appropriate for what we would want to test.
What do you want to test?
Regards,
-drc
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
