[dnssec-deployment] dot MUSEUM implemented DNSSEC
olaf at NLnetLabs.nl
Mon Sep 22 09:42:20 EDT 2008
On Sep 22, 2008, at 12:15 PM, Mark Andrews wrote:
>> DNSsec creates a tighter chain. We have to make sure that
>> is not the weakest link. -- Yes, it is the same process but DNSsec
>> requires higher degree of safety when it comes to the redelegation
> Please quote the relevent RFC.
I hope that I understand Mats point. Allow me to rephrase it:
If you do a delegation wrong you create some lameness, and the DNS can
cope with that. If you do the DS wrong then you immediately impact the
With plain old DNS you need to shoot at least twice to shoot yourself
in the feet. With DNSSEC you only need one shot to do serious damage.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 235 bytes
Desc: This is a digitally signed message part
Url : http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20080922/1585ca10/attachment.bin
More information about the Dnssec-deployment