> -----Original Message----- > From: John R Levine [mailto:jo...@taugh.com] >
Hi John, Thanks again for your feedback. > > On Thu, 20 Jul 2017, Woodworth, John R wrote: > > Camp#2) Don't break DNS, even for a second > > Well, yeah, except that there's no such thing as breaking the > DNS for a second. If we look at the history of DNSSEC, we'd > break the DNS for somewhere between a decade and forever. > We have tried very hard for three decades to avoid breaking > backward compatibility, and it's hard to believe that this is > the reason to do it. > This is a very noble endeavor indeed, I both applaud and respect it. Having said that, just what level of significance would it take for us to bend in this respect? What type of feature, etc.? > > ...BULK absolutely requires online DNSSEC signing, > Unfortunately, I respectfully reject this as a statement of fact. There's even a provision (NPN) in the draft which offers a reasonable method designed specifically for offline signatures. While the NPN documentation is imperfect, we've still seen a lot of interest it, and with the help of the WG, we feel it could prove very useful. Thanks, John > > Regards, > John Levine, jo...@taugh.com, Taughannock Networks, > Trumansburg NY Please consider the environment before reading > this e-mail. https://jl.ly -- THESE ARE THE DROIDS TO WHOM I REFER: This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop