[dns-operations] geant.org dnssec
Phil Regnauld
regnauld at nsrc.org
Tue Feb 7 13:28:45 UTC 2017
Antoin Verschuren (dns) writes:
> https://www.ietf.org/id/draft-ietf-eppext-keyrelay-12.txt
>
> It’s been successfully used in production with a number of .nl domains that do NSEC3 as well.
> I’d say thats a safer alternative than going insecure.
Assuming it's implemented correctly - in this case, going bogus because
of a bug in a signer is marginally better than being insecure for a short
time. Depends on the definition of "safer" :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170207/62f6d968/attachment.sig>
More information about the dns-operations
mailing list