.gov DNSSEC operational message

Jay Ashworth jra at baylink.com
Wed Dec 29 02:17:57 UTC 2010


----- Original Message -----
> From: "Florian Weimer" <fw at deneb.enyo.de>
> > That sounds like a policy decision... and I'm not sure I think it sounds
> > like a *good* policy decision, but since no reasons were provided, it's
> > difficult to tell.
> 
> I don't know if it influenced the policy decision, but as it is
> currently specified, the protocol ensures that configuring an
> additional trust anchor never decreases availability when you've also
> got the root trust anchor configured, it can only increase it. This
> means that there is little reason to configure such a trust anchor,
> especially in the present scenario.

Not being a DNSSEC maven, the idea that there was no out-of-band way to 
confirm what the in-band method was telling you seemed bad to me; Matt's 
explanation, OTOH, seems sensible.

Cheers,
-- jra



