There are two responsible options for the group to take.

The first is to agree with the Europeans who state that these are =
essential requirements and override Bert on the basis that the =
interoperability results simply do not support his claim.

The second is to shut down DNSSEC completely and immediately: stop =
wasting everyone's time and stop preventing other groups from working on =
this problem.

My vote is for the first approach.

> -----Original Message-----
> From: bert hubert []=20
> Sent: Tuesday, December 05, 2006 12:06 PM
> To: Hallam-Baker, Phillip
> Cc: Alex Bligh;; Ralph Droms;=20
> Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only=20
> vs the MX/A issue.)
> On Tue, Dec 05, 2006 at 07:43:41AM -0800, Hallam-Baker, Phillip wrote:
> > Absolutely nobody has made the claim that NSEC3 is too=20

> complex to be=20
> > deployed.

> Let me then make the claim that DNSSEC-bis + NSEC3 is so=20
> complex I have serious worries over its reliable=20
> implementability, especially considering the number of corner cases.
> Bert
> --=20
> Open source, database driven DNS=20
> Software=20
> Open and Closed source services

to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.