On Wed, Aug 16, 2017 at 12:18:55PM +0530, Mukund Sivaraman wrote:
> difficult. The amount of damage that a break in DNSSEC validation chain
> could do is far greater than other implementations of crypto such as TLS
> where it is limited to a service.
Caching can also exacerbate such problems making a bad situation worse,
so a fix may not be instantaneously observed. This is unlike with other
popular crypto protocols such as TLS.
Mukund
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
