<...> More pragmatically, while I understand the theory behind rejecting NTAs, I have to admit it feels a bit like the IETF rejecting NATs and/or DNS redirection. I would be surprised if folks who implement NTAs will stop using them if they are not accepted by the IETF.
Doing the validation on my machine makes it easy for me to realize who to blame when things break but I realize others don't have that insight or run validators, so I see the pain for the validating ISP. However, it is still not a reason for the IETF to standardize this. (paf) > But, all of this thinking leads me to think about DNSSEC validation > "risks" are very similar to the risk with deploying IPv6? > We have an IPv6 day, but why not a DNSSEC day? One day where > *many* players at the same time turn on DNSSEC validation? (drc) Definitely a good idea. It is seems a nice idea but a problem is that a single day is probably not enough. IPv6 problems are (nearly) instantaneous but with DNSSEC problems start to arise when things expire. jaap _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop