[dnssec-deployment] DNSSEC in Russia
paul.hoffman at vpnc.org
Thu Apr 2 19:30:35 EDT 2009
At 6:49 PM -0400 4/2/09, Edward Lewis wrote:
>This is why I am trying to go out of my way to make sure the technology can be bent to accommodate a requirement laid upon us, no matter what the source, so long as compliance is desirable. Do we want Russia to be able to use DNSSEC? I think so.
Of course. The question at hand is not about them using it, but how their particular use affects the rest of us.
>I don't question requirements. I'm willing to show how they are best met, and let the owner of the requirement decide whether to continue.
If their requirement is "our apex must be signed with GOST", then that's no problem: algorithm identifiers are cheap. If their requirement is "and everyone else must be able to validate our responses" or "and the level above our APEX must also sign with GOST", that is quite a different matter.
--Paul Hoffman, Director
More information about the Dnssec-deployment