Alexander, On Feb 27, 2019, at 4:32 PM, Brotman, Alexander <alexander_brot...@comcast.com> wrote: > I'm supportive of doing this in other ways, but also understand that DNSSEC > is not widely deployed.
There is a difference between not being deployed and not being turned on. My impression is that most DNS servers these days support DNSSEC, however it has largely not been enabled. If you are going to be putting stuff into the DNS for security decisions, you need to protect that stuff and that means turning on DNSSEC. Regards, -drc
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop