[dns-operations] Implementation of negative trust anchors?
regnauld at nsrc.org
Fri Aug 23 12:59:45 UTC 2013
Daniel Kalchev (daniel) writes:
> DNSSEC is not some magical technology that just solves "the problems".
> On this, I am with Doug, that "if there is a high price for doing it
> wrong less people will do it wrong".
Couple more things. a) Local policy allows you not to enable validation
*at all* in the first place. b) Validating caching resolvers will be
around for many more years, but if you can, validate on the client/
application. The closer, the better. If we stop at the current state
of things, we haven't done our job. If NTAs help, so be it.
More information about the dns-operations