Andrew Sullivan <a...@anvilwalrusden.com> wrote:
>
> It _might_, if the idea were instead that validators used n of m.

N of M validation also solves the other problems Joe mentioned, to do with
key rollover and failure to sign. That is, if a signer drops out (because
it failed to sign the DNSKEY RRset, or because it rolled its key)
validators will continue to work securely, and can update their trust
anchors at leisure.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
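
The behaviour described in the message above, as an added sketch that is not part of the original post: a validator accepts a DNSKEY RRset when at least N of its M configured trust anchors have produced a valid signature over it. HMAC-SHA256 stands in for real RRSIG verification so the example runs with the standard library only; the signer names, keys, RRset bytes and the choice N=3, M=5 are constructed assumptions.

```python
import hashlib
import hmac

def sign(key, rrset):
    # Stand-in for an RRSIG: a real validator verifies a public-key signature.
    return hmac.new(key, rrset, hashlib.sha256).digest()

def validate_n_of_m(anchors, rrset, sigs, n):
    """Accept rrset if at least n distinct configured anchors signed it validly."""
    valid = set()
    for signer, sig in sigs:
        key = anchors.get(signer)
        # Unknown signers and signatures that do not verify are ignored.
        if key is not None and hmac.compare_digest(sign(key, rrset), sig):
            valid.add(signer)  # a set, so one signer never counts twice
    return len(valid) >= n

# Constructed sample data: M = 5 trust anchors, threshold N = 3.
ANCHORS = {f"signer{i}": f"constructed-key-{i}".encode() for i in range(1, 6)}
RRSET = b"example. IN DNSKEY (constructed RRset bytes)"
N = 3

def scenarios():
    full = [(name, sign(key, RRSET)) for name, key in ANCHORS.items()]
    cases = {
        "all_sign": full,
        # signer1 failed to sign the DNSKEY RRset
        "one_failed_to_sign": full[1:],
        # signer1 rolled its key; the validator still holds the old anchor
        "one_rolled_key": [("signer1", sign(b"constructed-new-key", RRSET))] + full[1:],
        # below the threshold: validation must fail
        "only_two_sign": full[:2],
        # repeated signatures from one signer do not reach the threshold
        "one_signer_repeated": [full[0]] * 3,
    }
    return {name: validate_n_of_m(ANCHORS, RRSET, sigs, N)
            for name, sigs in cases.items()}

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:22s} {'secure' if accepted else 'bogus'}")
```
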
