On Tue, Dec 05, 2006 at 07:43:41AM -0800, Hallam-Baker, Phillip wrote:

> Absolutely nobody has made the claim that NSEC3 is too complex to be
> deployed.


Let me then make the claim that DNSSEC-bis + NSEC3 is so complex I have
serious worries over its reliable implementability, especially considering
the number of corner cases.

Bert
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: