On Wed, Nov 26, 2008 at 10:50:56AM -0500, Russ Housley wrote:
I have been approached about a plenary experiment regarding
DNSSEC. The idea is for everyone to try using DNSSEC-enabled clients
during the plenary session. I like the idea. What do others think?
I agree with others' views that validation alone is not very helpful and
some frequently queried for domains' zones should be signed as part of that
experiment. By IETF74, the IANA (I)TAR might also be available as one
source of TLD trust anchors.
Still that date might be too early to encourage end system validation, so
adding validation and an "interesting" set of TAs to the meeting's recursive
name servers is another option, even if on the WLAN we can't trust the path
between stub and recursive resolver. However, I'd hope the limited time
did not imply the proponent(s) offered a demonstration during the plenary ...
Central resolvers would also provide for "easy" access to raw data for
statistics purposes.
-Peter
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf