[Dnssec-deployment] GI signatures expired

Paul Hoffman paul.hoffman at vpnc.org
Mon Jan 3 16:53:46 EST 2011


On 1/3/11 1:43 PM, Matthew Pounsett wrote:
> On 2011/01/03, at 14:22, Paul Hoffman wrote:
>
>> Chris' original message was about a signature that was already expired. Thus, it's not "naming and shaming" as much as a warning to resolver operators *and* a note about deployment issues.
>
> It's still generally considered polite to notify the SOA RNAME and allow the operator to make whatever public statement is necessary.

Of course.

> Regardless of the intent, public posting first looks like naming and shaming to many people, as is clear from the comments I've received off-list.

OK, I can certainly see that. A better way to do the education part
might be to send the alert to the SOA RNAME, and a separate message saying
"I told the admin about it, but y'all should also know that ...".

--Paul Hoffman

