Re: Global PKI on DNS?

2002-06-11 18:03:47
On 6/11/02 4:34 PM, "Eric A. Hall" <ehall(_at_)ehsco(_dot_)com> wrote:
>> The big deal is that some of the more restrictive ISPs may not permit
>> customers to bypass their DNS servers.  Same as with HTTP interception
>> proxies.
>
> No, the big deal is that the roots and TLDs would be crippled from
> millions of TCP queries for their certs.

Why do you think the roots and TLDs would get millions of TCP queries for
their certs?  Why would anyone want to get the certs of the roots or TLDs?

These arguments are going beyond silly and reaching ludicrous.  Yes, some
ISPs do stupid things.  That's when you choose a different ISP or come up
with some workaround.  Yes, there are broken DNS servers out there that
can't handle TCP queries.  Get an unbroken DNS server, there are plenty.
Yes, there may be fragmentation issues, however we are going to have to deal
with this if we're ever going to deploy DNSSEC.

Can we stop with the FUD?

Rgds,
-drc


