On 20.8.2017 03:48, John Levine wrote: > In article <[email protected]> you write: >> Yes, someone might try to attack a domain using this. To lower >> probability of this kind of attack CZ.NIC is nagging the technical >> contact for one week before the DS gets installed into the CZ zone. >> >> For further details please see >> https://en.blog.nic.cz/2017/06/21/lets-make-dns-great-again/ >> >> We will see how it goes. > > That's certainly one of the approaches that Olafur suggested, and it > would definitely be easy to implement. > > Please let us know what you learn.
Few people asked me privately about more details so I'm going to post our IEPG presentation here as well: http://iepg.org/2017-07-16-ietf99/Fully%20automatic%20DNSSEC%20-%20final.pdf Feel free to play with it, we very much welcome feedback! Please direct further questions to Jaromír Talíř <[email protected]>. Have fun! -- Petr Špaček @ CZ.NIC _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
