[dns-operations] Implementation of negative trust anchors?

Randy Bush randy at psg.com
Thu Aug 22 23:58:15 UTC 2013


> I think we need to acknowledge that there will always be signing
> problems

< from a conversation with a friend wiser than i >

the problem is that we are going through a deployment phase where there
is little penalty for sloppy server ops because so few are validating.

patching over this to be more tolerant of sloppy server ops is going in
the wrong direction.  we need to think about how to make good server ops
the easy path:
  o less breakage prone protocols
  o less breakage prone implementations
  o easing fast repair if breakage is known
  o detecting and reporting more aggressively
  o blah blah blah

i.e. put that gun back in your hand

randy



More information about the dns-operations mailing list