[dnssec-deployment] What does DNSSEC enable?
Olaf M. Kolkman
olaf at ripe.net
Wed Jan 12 14:53:36 EST 2005
> we can successfully use
>this tactic and we will never be blamed, yelled at, sued, called bad names,
>or otherwise made to pay for our mischief.
Who is we in this case? We as in protocol engineers and DNSSEC
entusiasts will never be blamed... but "we" as in those who deploy the
authoritative infrastructure and "we" who are perceived to do careful
validation during key-exchanges might be blamed (or am I infected to
much with US liability thinking?).
Should TLDs put disclaimers in their policies?
(I've tried to write up some policy/procedure text in the context of
deploying DNSSEC at the RIPE NCC --something I have not
shared with my colleagues yet--- but I found myself writing a disclaimer
and I am still doubting if it is needed... )
More information about the Dnssec-deployment