On Mon, 17 Jun 2019, bert hubert wrote: > The problem is that from an operator point of view, DNSSEC is optional. Only because IETF does not have the guts to deprecate insecure spoofable DNS. It's 2019 and we depend on unsigned data across the internet for core infastructure. And now putting some transport security bandaids on it. Paul