On 13 apr 2012, at 22:44, Nicholas Weaver wrote: > Because practice has shown that it is the recursive resolver, not the > authority, that gets blamed.
As you saw in my mail, I completely disagree from my own personal experience. If I look at the number of failures, the number of cases where the validator is blamed is exactly one -- Comcast in the NASA case. Compared to the about 50 cases or so when the zone owner/signer is blamed. Yes, we have been running DNSSEC validation in Sweden a bit longer than in the USA. Can you please comment on that mail that uses a few more characters than '+1' please? Patrik _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop