On 21/12/2016 14:54, Ted Lemon wrote:
> I think the exit strategy for RPZ is DNSSEC. I don't follow this argument. RPZ is primarily used to protect end-users from visiting sites associated with malware, either because the A / AAAA result of a lookup resolves to a particular address, or because the NS set used to resolve the query shares resolvers with ones used by malevolent actors. Those malevolent actors are just as capable of using DNSSEC. Ray _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop