[dns-operations] [Security] Glue or not glue?
Niall O'Reilly
niall.oreilly at ucd.ie
Mon May 4 11:48:16 UTC 2015
On Mon, 04 May 2015 09:51:38 +0100,
Peter Koch wrote:
[...]
>
> More importantly, while DNSSEC is mentioned in the paper, I do not see,
> maybe due to lack of language skills , DNSSEC being recommended as explicitly
> as "delegations with glue".
That's my reading too.
[...]
> Getting these recommendations straight is not an easy
> task. Balancing between different target audiences and breadth and
> depth of the advice versus available space almost always makes it a
> matter of compromise and
Indeed. A concise document will be more attractive to (a large
segment of) the target audience than a more detailed one and, for
this reason, more likely to be heeded.
> I'm sure the next version might benefit
> from feedback by the community.
Perhaps an "Aller plus loin" item after the recommendation on
delegations with glue could explain the tradeoff between
vulnerability to SPOF (mentioned by PAF) and the already-covered
risk of third-party dependency?
/Niall
More information about the dns-operations
mailing list