[dns-operations] Spoofing DNS with fragments

[Viktor Dukhovni]

> On Sep 12, 2018, at 1:15 PM, p vixie <paul at redbarn.org> wrote:
> 
> If there is only one very narrow path to implemention of dnssec that will be secure, then that should be part of the specification.

Perhaps at this juncture the discussion should move to dnsop?
Anyone care to write a -00 draft proposing 1 or more (whether
in combination or possible alternatives) counter-measures for
consideration?

-- 
	Viktor.