[dns-operations] Implementation of negative trust anchors?
Randy Bush
randy at psg.com
Mon Aug 26 06:16:07 UTC 2013
i will try once more
an american idiom is "keep your eye on the doughnut not the hole." this
NTA discussion focuses on the wrong thing.
why is the frelling software on the farbled server not detecting that is
has been farbled and screaming loudly? why is it not preventing most of
these farblings in the first place? when mongolia tried to change key
[alg] to one that was not in the root, their software should not have
done it.
fix the software and the ops processes. do not patch over the problems
or they will increase. the problem is weak software and processes that
need to be fixed, and patching and denial will not fix them.
randy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130826/88de5f40/attachment.html>
More information about the dns-operations
mailing list