Hi Nikos,
Is there a reason for not having dnssec by default? If there is a way
to disable it, I believe it will only be beneficial to have it in.
The main problem here is that this increase the default image size
significantly plus we can't even reuse all the added crypto code because
none of the core or important services use nettle. It would be nice to
see dnsmasq interacting with a more mainstream embedded crypto library
like polarssl or so.
Also I would probably let all the DNSSEC deployment and the dnsmasq
implementation mature a bit more before considering to enable it by
default for everyone. But thats just my personal opinion.
Cheers,
Steven
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
