<...>
More pragmatically, while I understand the theory behind rejecting NTAs,
I have to admit it feels a bit like the IETF rejecting NATs and/or DNS
redirection. I would be surprised if folks who implement NTAs will stop
using them if they are not accepted by the IETF.
Doing the validation on my machine makes it easy for me to realize
who to blame when things break but I realize others don't have that
insight or run validators, so I see the pain for the validating
ISP. However, it is still not a reason for the IETF to standardize
this.
(paf)
> But, all of this thinking leads me to think about DNSSEC validation
> "risks" are very similar to the risk with deploying IPv6?
> We have an IPv6 day, but why not a DNSSEC day? One day where
> *many* players at the same time turn on DNSSEC validation?
(drc)
Definitely a good idea.
It is seems a nice idea but a problem is that a single day is
probably not enough. IPv6 problems are (nearly) instantaneous but
with DNSSEC problems start to arise when things expire.
jaap
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
