Moin! On 30 May 2014, at 11:32, Evan Hunt <[email protected]> wrote:
> On Fri, May 30, 2014 at 02:11:45PM -0400, Paul Wouters wrote: >> Note also that for this problem, there is already a commonly deployed >> solution at the application level that addresses this situation, such >> as https://www.nlnetlabs.nl/projects/dnssec-trigger/ which will inform >> the user the network is severely broken or the user is under attack, >> and gives the user the option to disable DNSSEC and go "insecure". > > Also negative trust anchors, which seems to have stalled in the IETF > (http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-06) > but has been implemented in some validators (and will be in BIND in > a future release). Oh good, so now that everybody has/will implemented it can we maybe work on that draft again. >> I do not believe your stated problem is one that needs addressing. > > +1 +1. I think that the problem has been addressed already as others have stated. So long -Ralf --- Ralf Weber Senior Infrastructure Architect Nominum Inc. 2000 Seaport Blvd. Suite 400 Redwood City, California 94063 [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
