On Apr 4, 2013, at 1:19 PM, Paul Hoffman <[email protected]> wrote: >> I think nothing is needed here except perhaps a statement of the bleeding >> obvious: "if you miss too many key rollovers, Very Bad Things will happen so >> make sure you have a foolproof way of recovering from that". > > We need that statement because it's *not* bleeding obvious. I cannot think of > a single thing built into a 2007-era ISO of a Linux distro that would have > the property similar to "it will automatically give mysterious results for > DNS service". It might have lots of unsafe software turned on, but none that > will say "I'll serve you" but then it doesn't.
Also, there is a LOT of old, NEVER updated, 5 year old networking kit out there. Well, fortunately they are often clueless about DNSSEC, but still... _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
