[dnssec-deployment] DNSSEC Deployment Working Group callreminder and dial-in instructions
paul at xelerance.com
Fri Sep 18 18:58:57 EDT 2009
On Thu, 17 Sep 2009, Wolfgang Nagele wrote:
>> Another much simpler option is to temporarily take the zone insecure.
>> This is a viable option, too, and is not the end of the world.
> Second that. Especially because this scenario is most likely to affect
> low profile domains that are just residing with some third party
> hosting provider. High profile domains can accommodate for this
> scenario, as long as the information about it is available (the
> already mentioned problem statement).
First of all, differentiating between high profile and low profile domains
is wrong. I think we've seen too many examples of low hanging fruit getting
abused by spammers and the like.
Second, a security system that requires you to go through brief moments of
insecurity will be attacked precisely at the moment of insecurity.
(ps. not sure what list dnsssec-deploy-discuss@ is......)
More information about the Dnssec-deployment