To:
iesg@ietf.org
Cc:
dnsop@cafax.se
From:
"D. J. Bernstein" <djb@cr.yp.to>
Date:
21 Mar 2000 10:24:27 -0000
Sender:
owner-dnsop@cafax.se
Subject:
Re: Last Call: Root Name Server Operational Requirements to BCP
I wrote: : For example, 3.3.2 says that root servers ``MUST be DNSSEC-capable,'' : but NSI says that the current servers would choke if DNSSEC were used. In fact, it turns out that the current version of BIND _crashes_ if you give it a secure zone. I realize that the IESG wants to encourage people to support DNSSEC. But calling it ``best current practice'' is fraudulent. ---Dan