>Those malevolent actors are just as capable of using DNSSEC. A lot of the arguments I'm seeing here boil down to "my users are better off with a signed A record pointing to a site that installs Cryptolocker than with an unsigned NXDOMAIN or SERVFAIL."
There may be a world in which that is true but I'm pretty sure this isn't it. R's, John _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
