[dns-operations] geant.org dnssec

Phil Regnauld regnauld at nsrc.org
Tue Feb 7 13:28:45 UTC 2017

Antoin Verschuren (dns) writes:
> https://www.ietf.org/id/draft-ietf-eppext-keyrelay-12.txt
> It’s been successfully used in production with a number of .nl domains that do NSEC3 as well.
> I’d say thats a safer alternative than going insecure.

	Assuming it's implemented correctly - in this case, going bogus because
	of a bug in a signer is marginally better than being insecure for a short
	time. Depends on the definition of "safer" :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170207/62f6d968/attachment.sig>

More information about the dns-operations mailing list