[dns-operations] Implementation of negative trust anchors?
paul at redbarn.org
Thu Aug 22 20:51:25 UTC 2013
Keith Mitchell wrote:
>>> From: Doug Barton <dougb at dougbarton.us>
>>> As stated before, the problem is that after the "early adopter" period
>>> is over we'll be stuck with NTAs forever. This is one of those
>>> fundamental disagreements between those who believe that DNS should
>>> always be forgiving of operator error, and those of us who do not.
> So, for DNSSEC deployment transition work-arounds:
> - ISC's DLV is the white list
> - NTAs are the black list
> and both need a best-before date?
dlv was best before the root was signed, so it's years overdue for killing.