Re: [DNSOP] [Ext] Re: Resolver behaviour with multiple trust anchors

[Paul Hoffman]

Doesn't "I don't trust my parent's security policy" open up a million 
cans of worms anyway? It feels like making this change to the default 
behavior will make validation more brittle (because people *will* forget 
to update their lower-level trust anchors) in order to help a very small 
number of people who could have made the configuration change 
themselves.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop