To:
Mark.Andrews@isc.org, namedroppers@ops.ietf.org, dnsop@cafax.se, dnssec@cafax.se
From:
Brad Knowles <brad.knowles@skynet.be>
Date:
Tue, 16 Jul 2002 17:10:56 +0200
In-Reply-To:
<200207160550.g6G5o8Je073774@drugs.dv.isc.org>
Sender:
owner-dnsop@cafax.se
Subject:
Re: dnssec discussion today at noon
At 3:50 PM +1000 2002/07/16, Mark.Andrews@isc.org wrote:
> Getting DNSSEC working
> only requires that the operators of the root servers, down
> to the zone servers do the right thing.
Which is hard enough. Witness all the incredibly screwed up TLD
servers. Witness the differences in the modes of operations of the
root nameservers themselves -- do you block all zone transfers or not?
If we want DNSSEC to be taken seriously, then we have to work to
get all the root & TLD servers fixed and operating properly, and have
proper punitive measures that we can take if they aren't. Otherwise,
we don't have a snowball's chance.
--
Brad Knowles, <brad.knowles@skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.