[Dnssec-deployment] RRSIG for arpa expired
Andrew Sullivan
ajs at shinkuro.com
Mon Jun 7 14:38:56 EDT 2010
On Mon, Jun 07, 2010 at 01:15:12PM -0500, Michael Graff wrote:
> It doesn't have to stay this way, but I think today, with the current
> tools, this is a reasonable request.
I get the argument, for sure. But I do seriously wonder whether the
claim "it doesn't have to stay this way" is borne out by any empirical
evidence. I suspect that if we deploy DNSSEC in a mode where positive
validation happens but validation failures are treated as soft errors,
we'll live with that mode of operation effectively forever.
A
--
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.
More information about the Dnssec-deployment
mailing list