In your previous mail you wrote:

   The concern I see (that I had hoped would be avoided by DO being set to 1 only when the caching server administrator had explicitly configured DNSSEC awareness) is that folks who are blissfully unaware of the root being signed, through no fault or action on their part, could begin to see odd DNS failures due to one of the three issues I mention above.

=> it seems the three problems are more from EDNS0 than from the DO=1 (and without EDNS0 there is no DO bit :-) so DO is not the real source of the problems, it is EDNS0 and how it can be badly handled by non-compliant middle boxes & co.
So IMHO we should first fix the EDNS0 issues. I don't know where the idea to make EDNS0 support mandatory comes from BTW...

Regards

[EMAIL PROTECTED]