[dns-operations] Implementation of negative trust anchors?
Jason_Livingood at cable.comcast.com
Wed Sep 4 14:58:02 UTC 2013
Last but not least, I observed some conflicting feedback in this thread on NTAs. So I am wondering whether there is comparatively more consensus on these two issues:
1 – Responsibility for authoritative DNSSEC mistakes rests with authoritative operators
(written up quickly in http://tools.ietf.org/html/draft-livingood-auth-dnssec-mistakes-00)
2 – In case of DNSSEC validation failures, don't change resolvers
(written up quickly in http://tools.ietf.org/html/draft-livingood-dont-switch-resolvers-00)
Any thoughts? (Standing back – I may be throwing a can of gasoline into the fire.) :-)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations