On 4/14/12 9:23 PM, "Warren Kumari" <[email protected]> wrote:
>Yes, but AT&T, Verizon, Cox, BestWeb, RR, TW, etc are currently *not*
>doing validation, and currently don't have much in the way of incentives
>to start -- yes, NASA was an unusual event, but what was the standard
>advice that kept popping up on twitter / forums / fb, etc?
>"Change your resolver to be 8.8.8.8 and the problem is fixed" -- now, I'm
>all for folk changing to use Google's resolvers, but to avoid validation
>isn't the right reason...
>
>Yes, NTAs suck and have some really bad security implications, but I
>believe that the alternative is worse. Without a way for validating
>resolver operators to avoid users jumping ship to non-validation resolver
>operators we delay adoption (imo significantly) and users are at a much
>larger risk for a much longer time.
>
>Once most ISPs are performing validation there should be fewer screwups,
>and NTAs should be almost never needed -- but until we get to that point
>I think that they are needed, and the net security wins outweigh the
>costs...

+1

- Jason

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
