[dns-operations] Implementation of negative trust anchors?
Keith Mitchell
keith at dns-oarc.net
Thu Aug 22 20:24:22 UTC 2013
>> From: Doug Barton <dougb at dougbarton.us>
>
>> As stated before, the problem is that after the "early adopter" period
>> is over we'll be stuck with NTAs forever. This is one of those
>> fundamental disagreements between those who believe that DNS should
>> always be forgiving of operator error, and those of us who do not.
So, for DNSSEC deployment transition work-arounds:
- ISC's DLV is the white list
- NTAs are the black list
and both need a best-before date ?
Keith
More information about the dns-operations
mailing list