--- Begin Message ---
<<Sure, the cost of replacing NSEC and NSEC3 would be another resource record
type code roll (such as 5->8, RSA-SHA1 vs RSA-SHA1-NSEC3). But a new
on-the-fly denial of existence might prove to be worth it in operations.>>
Well, we are overdue for starting over on dnssec, which we used to do every two
years or so. But does the next generation have the will to do so?
p vixie
--- End Message ---
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
