On 6 Nov 2017, at 7:56, Petr Špaček wrote:
> 2. Vast majority of people will not bother with setting up own trust
> anchors. I.e. vast majority of people will not be affected by any
> brittleness you envision.
> 3. The small fraction of people who configure their own TA do it for a
> reason. The reason I can see is "TA pinning". This provides users
> ability to configure their critical systems in a way which turns
> successful hack into my parent registry into Bogus status.
> Yes, it requires them to keep TA up-to-date, but that is the price you
> pay for pinning.
In retrospect, I agree that these two are good justification for "if a
subordinate trust anchor has been configured, the default is to trust it
more than the superordinate one" as long as the document also says "but
this should be configurable".
So, are you volunteering to start the effort for rfc6840-bis? :-)
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop