[dns-operations] Implementation of negative trust anchors?

David Conrad drc at virtualized.org
Thu Aug 22 21:47:06 UTC 2013


On Aug 22, 2013, at 12:06 PM, Doug Barton <dougb at dougbarton.us> wrote:
> As stated before, the problem is that after the "early adopter" period is over we'll be stuck with NTAs forever.

A resolver operator deploying an NTA is making an assertion that data behind a name is safe despite protocol indications that it may not be.

I would think corporate lawyers might quiver with ... righteous indignation in situations like this. As such, I have some skepticism that corporate resolver operators will be allowed to leave NTAs up for much longer than necessary.

But maybe I overestimate lawyer nervousness.


