On 23.08.13 00:37, Joe Abley wrote:
Last thing, we have NTAs today. People use them.
Local policy always prevails. Even over common sense. We observe this in the real world, where local laws are always in force and in some places the local laws might not make sense to us, or even irritate our sense of 'laws'. Yet, those exist. Won't go away.
Therefore, it is perfectly ok for someone to implement NTAs or other methods to ignore what DNSSEC provides. As with any other manual intervention, these are prone to error.
One day, when more people are dependent on DANE and it stops working, those same oper types will start talking the opposite story...
On the other hand, if we let too much "ifs" exist, such as "but what if someone has applied NTAs to this domain, somewhare?", then application designers will be even less motivated to make use of DNSSEC.
Daniel _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
