On 2012-04-14 1:51 AM, Doug Barton wrote:
> ... The problem, and I cannot emphasize this highly enough, is that
> there is absolutely no way for an ISP (or other end-user site doing
> recursion/validation) to determine conclusively that the failure they
> are seeing is due to a harmless stuff-up, vs. an actual security
> incident. IOW, if we do this, we might as well just abandon DNSSEC
> altogether.

this is what i was alluding to in some text up-thread:

On 2012-04-13 5:43 PM, Paul Vixie wrote:
> ... i'm opposed to negative trust anchors, ... for their security
> implications if there were secure applications in existence, ...

because a secure application must be able to fail reliably under attack. introducing third party bogosity breaks that failure, and it won't matter whether it's SOPA or NTA that breaks it.

if i can leave you all with one thought it's that dnssec failure must be reliable, end to end.

see also <http://www.circleid.com/posts/20121012_dns_policy_is_hop_by_hop_dns_security_is_end_to_end/>.

paul

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
