On Apr 15, 2012, at 9:37 AM, Paul Vixie wrote: > i'd tell validator operators who think they need NTA's in > order to control the risks posed by zone owner errors, "if you can't > stand the heat then stay out of the kitchen."
Given the benefits provided by DNSSEC (to date) are largely invisible and the costs quite non-trivial, I'd think this would ensure DNSSEC validation never gets deployed, thus secure applications (such as DANE) will never exist. I thought we'd learned that flag day deployments don't work on the Internet anymore. Regards, -drc _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop