On Oct 21, 2011, at 11:31 AM, Keith Moore wrote: True. But unsecured DNS is easily exploited regardless of whether bare names are used. (and I've never bought the idea that DNSSEC verification can reasonably be done by an external host)
Yes. But if a bare name is used, a bogus search list can also bypass DNSSEC validation.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
