On Tue, Apr 28, 2020 at 12:06 AM Paul Vixie <p...@redbarn.org> wrote:
> On Tuesday, 28 April 2020 01:02:27 UTC Shumon Huque wrote: > > On Sat, Apr 25, 2020 at 2:57 AM Paul Vixie <p...@redbarn.org> wrote: > > > ... > > > > The DNSSEC specs have always contemplated validating stub resolvers. > > I think the Kaminsky cache poisoning scare inadvertently focussed our > > efforts on solving the DNSSEC-to-RDNS problem to the exclusion of other > > more complete possibilities. > > stub resolvers were thrown overboard in order to get DS working. > Paul - I guess I'm missing some background here. In what sense did getting DS working throw validating stubs overboard? Do you mean it took the focus away from them? As Mark A points out, it isn't that hard these days to write a validating stub resolver. It just needs a clean path to a working DNSSEC aware recursive server. Yes, the RDNS has to be DS aware, but those have been commonplace for a decade or so. Shumon.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
