> On Jan 8, 2017, at 6:54 AM, Scott Schmit <[email protected]> wrote: > > Eventually, if DNSSEC verification on endpoints becomes widespread, > operators will need to turn to other means or break DNSSEC in these > cases (but redirection will stop working).
Bad guys are not going to take the time to use DNSSEC to build a path that can be followed to their place of operations. So the argument that “DNSSEC deployment will obsolete the industry need for RPZ” does not match reality.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
