[dnssec-deployment] DNSSEC Deployment Working Group callreminder and dial-in instructions

[Paul Wouters]

On Thu, 17 Sep 2009, Wolfgang Nagele wrote:

>> Another much simpler option is to temporarily take the zone insecure.
>> This is a viable option, too, and is not the end of the world.
> Second that. Especially because this scenario is most likely to affect
> low profile domains that are just residing with some third party
> hosting provider. High profile domains can accommodate for this
> scenario, as long as the information about it is available (the
> already mentioned problem statement).

First of all, differentiating between high profile and low profile domains
is wrong. I think we've seen too many examples of low hanging fruit getting
abused by spammers and the like.

Second, a security system that requires you to go through brief moments of
insecurity will be attacked precisely at the moment of insecurity.

Paul
(ps. not sure what list dnsssec-deploy-discuss@ is......)