> On Jan 8, 2017, at 6:54 AM, Scott Schmit <i.g...@comcast.net> wrote:
> 
> Eventually, if DNSSEC verification on endpoints becomes widespread,
> operators will need to turn to other means or break DNSSEC in these
> cases (but redirection will stop working).

Bad guys are not going to take the time to use DNSSEC to build a path that can 
be followed to their place of operations.

So the argument that “DNSSEC deployment will obsolete the industry need for 
RPZ” does not match reality.


Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to