On Thu, 29 Feb 2024, Mark Andrews wrote:
If it is forbidden in the protocol, it might still happen.
Ed, your reasoning is off. The point of forbidding is to allow the validator
to safely stop as soon as possible when it is under attack.
We're going in circles here. You want to stop at 2 some time in the
future after we've changed the spec. Ed and Shumon and I want to stop at,
say, 10, right now. I've never written a DNSSEC validator so I don't know
how different those are in practice but I'd be surprised if it were very
much.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
