On Thu, Apr 23, 2009 at 05:37:22PM +0000, bmann...@vacation.karoshi.com wrote:
>       i happen to agree w/ David here.  there really is no serious technical

I would generally encourage that trend.

>       the downsides are the LEOS (protecting our security), and the Shylocks
>       who need to collect what remains of the lunch money.  

I do not particularly disagree with your conclusion, but I believe
your assessment of the 'downsides' is incomplete in at least one
regard;

The system in place currently has a benefit in that it is trivially
simple.  Very few implementations have gotten this wrong over the
years, and when they have it was trivially simple to debug.  Query,
reply.  Comparatively, DNSSEC recursive resolution is significantly
more complex, and the scope of the deployment of that resolution
becomes a multiplier in the costs to deploy and maintain a web of
interoperating systems.

That said, I think recursive resolution can and should be pushed into
the end hosts, but that solution may not be universal, and it may be
discovered to be intractable, so it is also wise to invest in an
interim solution that can potentially be maintained for an extended
period.

I believe some ideas for that were mentioned already.

-- 
David W. Hankins        "If you don't do it right the first time,
Software Engineer                    you'll just have to do it again."
Internet Systems Consortium, Inc.               -- Jack T. Hankins

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop