[Dnssec-deployment] Fetching the RRSIGs can be a problem too.
suruti94 at gmail.com
Thu Sep 1 16:57:27 EDT 2011
On Thu, Sep 1, 2011 at 1:07 PM, Paul Vixie <vixie at isc.org> wrote:
> > Date: Thu, 1 Sep 2011 09:17:03 -0700
> > From: Mohan Parthasarathy <suruti94 at gmail.com>
> > Do you have a clear path today ? If not, do you know when we are going
> > to have that clear path ? Coming across a broken CPE box is not that
> > uncommon. I was trying to see if there is a simple way to workaround
> > it at least in some cases.
> i don't think you're going to get there with "forwarders". it's going
> to take a fair bit of work to make dnssec validation work across the
> common case of "broken CPE". i'm thinking dns-over-https as a service,
> used as a proxy when the hotel's broken middlebox gets in the way.
> Who would be operating this service ? So, it is a recursive server talking
https on one
side and DNS on the other side ? Why should I trust this service ?
> background on this can be found below -- noting that validation is a
> "dnssec application" in this context:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dnssec-deployment