On 2012-04-18, at 14:53, "Jim Reid" <j...@rfc1035.com> wrote:
> On 18 Apr 2012, at 19:28, David Conrad wrote:
>
>> If you don't like the policy of your validator operator, change to a
>> validator operator whose policy you agree with (or, better yet, run
>> your own validator -- it is the only way to be sure). If you are
>> not permitted to do this, you have other issues.
>
> +1
>
> Though you've not explained how someone would be able to find out what
> was the flavour-of-the-month policy of the validator operator they
> were using that day.

In a cryptographic sense, if you outsource your validation to a third party you can never be sure of the integrity of the answers you receive. If you want certainty, validate in the client.

(I continue to think this is the advice the IETF should be giving. Certainty is required in some applications. I think it should be the default expectation of other protocols and applications.)

In a more practical sense, if you're making use of a third-party supplier for something, presumably you have a way to find out details of the service they're providing. In principle, wanting a validation supplier who is sane is no different to wanting a bank who doesn't store or process your personal data in a jurisdiction with over-reaching data mining by government. If you care, chances are you can find something that meets your needs.

Joe