[dns-operations] Implementation of negative trust anchors?

Randy Bush randy at psg.com
Mon Aug 26 06:16:07 UTC 2013


i will try once more

an american idiom is "keep your eye on the doughnut not the hole." this 
NTA discussion focuses on the wrong thing.

why is the frelling software on the farbled server not detecting that is 
has been farbled and screaming loudly? why is it not preventing most of 
these farblings in the first place? when mongolia tried to change key 
[alg] to one that was not in the root, their software should not have 
done it.

fix the software and the ops processes.  do not patch over the problems 
or they will increase.  the problem is weak software and processes that 
need to be fixed, and patching and denial will not fix them.

randy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130826/88de5f40/attachment.html>


More information about the dns-operations mailing list