In article <> you write:
>Some of the more subtle, but still very important failure modes
>are not obvious unless *tested*.  It is would be a disservice to
>the ecosystem to blindly turn on only partly working DNSSEC which
>is actually broken in important ways.

I think it's a swell idea to offer people DNSSEC testing services but
it's hopeless to conflate it with key rotation.


DNSOP mailing list

Reply via email to