On 4/13/12 1:43 PM, "Paul Vixie" <[email protected]> wrote:
>we need to move quickly to the point where lots of large eyeball-facing >network operators are validating, such that any failure to properly >maintain signatures and keys and DS records, is felt most severely by >whomever's domain is thus rendered unreachable. +100 >i'm opposed to negative trust anchors, both for their security >implications if there were secure applications in existence, and for >their information economics implications. But then what you might get is the request to turn off validation across *all* domains until example.com is fixed and the call center pain stops. This problem of course goes away once there are (many) more recursive operators validating but there's the challenge of how we get from here to there. - Jason _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
