On Mon, Jun 17, 2019 at 01:33:26PM -0400, Paul Wouters wrote: > >The problem is that from an operator point of view, DNSSEC is optional. > Only because IETF does not have the guts to deprecate insecure spoofable DNS. Well, that is a novel concept. I imagine ETSI would rush in to respecify unauthenticated DNS though! Bert