On 15 aug 2008, at 22.01, David Conrad wrote:
Let me try to (hopefully) more clearly articulate my question: given
the fact that caching servers only care about DNSSEC if they're
explicitly configured to do so, does anyone anticipate any stability/
security concerns to those folks who
David Conrad wrote:
Given this, does anyone see any DNS security and/or stability concerns
if a miracle were to happen and the root were to be signed tomorrow?
Well,it will introduce a lot of large RRs, which may cause problems.
Considering that two RRs each containing 2048 bit
On Sat, 16 Aug 2008, Ted Lemon wrote:
On Aug 16, 2008, at 4:56 PM, Dean Anderson wrote:
For example, besides the previously mentioned key rollover
issue, I understand that DNSSEC also doesn't allow the protocol to be
changed securely. And we do expect the protocol to be changed.
As a
Mark Andrews wrote:
Considering that two RRs each containing 2048 bit data will need
oversized messages, they may not be properly treated by some
servers.
Those suffering from oversized messages may turn-off DNSSEC and there
is instability for those moving with their laptops.
And how