This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC Policy Development Process
- Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
- Next message (by thread): [dns-wg] DNSSEC Policy Development Process
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Randy Bush
randy at psg.com
Tue Aug 30 18:09:38 CEST 2005
> I agree that if we do not get to a point where validators only have > to configure between one and a handful of trust-anchors and those > trust-anchors get automatically rolled DNSSEC will not reach the > masses. > > On the other hand we have to start deploying somewhere. while i do have sympathy for this, when i consider, or try to consider, what the trust model and reliability of low-level roll-out of a hundred or a thousand scattered zones, the mind boggles. as trust keys require manual maintenance, there will be seemingly random failures, real fun debugging, ... and the trust won't distribute, it's SxC. hence, i think of it as more operational practice than deployment. testing whether folk can configure servers and clients, and reconfigure them, and debug them, and ... in a sense, this is a good thing. in another sense, it is expensive at a time when we are not rich. randy
- Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
- Next message (by thread): [dns-wg] DNSSEC Policy Development Process
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]