On 08/22/2013 08:29 AM, Mehmet Akcin wrote:
On 8/21/13 11:25 AM, "Warren Kumari" <war...@kumari.net <mailto:war...@kumari.net>> wrote:>>>FWIW, I remain opposed to the idea, but trying to do due diligence. >> I still like the idea as it is the only way for big resolver providers >>to deploy DNSSEC when there competitors have not. > >+lots. Penalizing the early adopters simply leads to no deployment. Agreed!
As stated before, the problem is that after the "early adopter" period is over we'll be stuck with NTAs forever. This is one of those fundamental disagreements between those who believe that DNS should always be forgiving of operator error, and those of us who do not.
I continue to maintain that NTAs violate the whole principle of DNSSEC, and that if there is a high price for doing it wrong less people will do it wrong.
Doug _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
