> On Jan 8, 2017, at 6:54 AM, Scott Schmit <i.g...@comcast.net> wrote: > > Eventually, if DNSSEC verification on endpoints becomes widespread, > operators will need to turn to other means or break DNSSEC in these > cases (but redirection will stop working).
Bad guys are not going to take the time to use DNSSEC to build a path that can be followed to their place of operations. So the argument that “DNSSEC deployment will obsolete the industry need for RPZ” does not match reality.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
