Ted Lemon wrote:
Please say more about the "security risk". I'm missing it.
Ideally you want your cache code to be as simple as possible. More
code means more bugs.
for features with local benefit (dnssec validation for example) this is
a cost:benefit tradeoff worth making. for those with only a remote
benefit (client subnet for example) it's less arguably beneficial.
sadly, this same engineering economic argument applies to SAV.
--
P Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
