[dns-operations] Implementation of negative trust anchors?
drc at virtualized.org
Thu Aug 22 21:47:06 UTC 2013
On Aug 22, 2013, at 12:06 PM, Doug Barton <dougb at dougbarton.us> wrote:
> As stated before, the problem is that after the "early adopter" period is over we'll be stuck with NTAs forever.
A resolver operator deploying an NTA is making an assertion that data behind a name is safe despite protocol indications that is may not be.
I would think corporate lawyers might quiver with ... righteous indignation in situations like this. As such, I have some skepticism that corporate resolver operators will be allowed to leave NTAs up for much longer than necessary.
But maybe I overestimate lawyer nervousness.
More information about the dns-operations