[dns-operations] Implementation of negative trust anchors?

Carlos M. Martinez carlosm3011 at gmail.com
Fri Aug 23 17:38:54 UTC 2013


On 8/23/13 2:03 PM, Paul Vixie wrote:

> on the other hand i would not be glad to see NTA as an IETF RFC, FYI,
> BCP, or other standards-like artifact.

A long time ago a group of people said the same about NAT and now, a few
years on many of them regret it, while us who were not present there are
still suffering the consequences.

IMO, documenting it doesn't imply endorsement. In fact, the document
gives us the opportunity to actually write down why such a practice may
not in fact be a good idea, and gives guidance to do it in a predictable
way for *someone who really, really wants to do it anyways*.

An Informational RFC would fit this purpose nicely.



More information about the dns-operations mailing list