On 5/19/14, 16:43, "Mark Andrews" <ma...@isc.org> wrote:

>No.  Your analysis is faulty.
>
>ENAME could be used immediately once the authoritative servers for
>the zone support it.  It would just be insecure until validators
>catch up.  ENAME + old algorithm would be illegal and would be
>enforced by signing code and authoritative servers.

I didn't say ENAME wouldn't work if you didn't validate.  What I'm saying
is that proposals which are incompatible with existing DNSSEC should be
subject to the most rigorous scrutiny and cost-benefit analysis, and that
I don't think ENAME's benefits are worth its costs.  Others may have
differing valuations.  That's all I'll say on this matter.

/Bob

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
