At 21:03 15-04-2012, Ralf Weber wrote:
If the IETF or this group wants to ignore these operational facts
and not give new people guidance on how to deal with them, and do
nothing is not an acceptable advice here, I doubt that a lot of
people will adopt DNSSEC or move back after the first or second
failure and that would not be the outcome I would want.

From draft-livingood-negative-trust-anchors-01:

"A Negative Trust Anchor should be considered a transitional and
temporary tactic which is not particularly scalable and should not be
used in the long-term. Over time, however, the use of Negative Trust
Anchors will become less necessary as DNSSEC-related domain
administration becomes more resilient."

The parallel here would be
draft-ietf-v6ops-v6-aaaa-whitelisting-implications-11. The
significant difference is that it is not about a technological
choice. There are different angles to the problem discussed in
draft-livingood-negative-trust-anchors-01. I could look at it as follows:

A Negative Trust Anchor should be considered even though the tactic is
not particularly scalable.

Regards,
-sm