Paul,
On Aug 15, 2008, at 12:26 PM, Paul Hoffman wrote:
At 11:29 AM -0700 8/15/08, David Conrad wrote:
Given this, does anyone see any DNS security and/or stability
concerns if a miracle were to happen and the root were to be signed
tomorrow?
Yes, at the time of the first root key rollover.
If you haven't configured DNSSEC in your caching server (that is, you
don't think DNSSEC is worth your time), I have some skepticism that
you'd have concern about key rollover.
You're asking a different question than the one I'm asking. While I
agree the question you're answering (specifically, should DNSSEC be
deployed without a better way of ensuring root key rollover doesn't
spontaneously break the DNS) is important, I'm trying to understand
something different.
Let me try to (hopefully) more clearly articulate my question: given
the fact that caching servers only care about DNSSEC if they're
explicitly configured to do so, does anyone anticipate any stability/
security concerns to those folks who _haven't_ configured DNSSEC if
the root is signed?
Thanks,
-drc
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
