On 2010-03-08, at 11:18, Tony Finch wrote: > On Mon, 8 Mar 2010, Joe Abley wrote: >> > >> - signing ROOT-SERVERS.NET would result in potentially-harmful large >> responses with no increase in security > > Can't you deal with this by omitting the root-servers.net RRSIGs from the > additional section of responses to queries to the root?
Are you suggesting that we implement a coordinated code change to all root servers in the name of security or stability? Diversity in operation and code base is usually thought to be a strength of the root server system. Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
