* Masataka Ohta: > Caching servers not validating the response?
Yes, this is still a widely-held view. To be honest, I don't think it makes much sense. We need DNSSEC right now, not at some unknown future date when operating system vendors have shipped security-aware, validating stub resolvers for a while, so that there is finally a client population which supports end-to-end DNSSEC. What's worse, end-to-end DNSSEC support for mobile devices (which move from networks with resolvers which support end-to-end DNSSEC to networks which don't) is a completely unsolved problem. We are basically at stage 0: denial that the problem exists. Not good at all. -- Florian Weimer <[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
