[dns-operations] Implementation of negative trust anchors?
Paul Vixie
paul at redbarn.org
Thu Aug 22 20:51:25 UTC 2013
Keith Mitchell wrote:
>>> From: Doug Barton <dougb at dougbarton.us>
>>> As stated before, the problem is that after the "early adopter" period
>>> is over we'll be stuck with NTAs forever. This is one of those
>>> fundamental disagreements between those who believe that DNS should
>>> always be forgiving of operator error, and those of us who do not.
>
> So, for DNSSEC deployment transition work-arounds:
> - ISC's DLV is the white list
> - NTAs are the black list
>
> and both need a best-before date ?
dlv was best before the root was signed, so it's years overdue for killing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130822/6d222b6a/attachment.html>
More information about the dns-operations
mailing list