There are two responsible options for the group to take.

The first is to agree with the Europeans who state that these are =
essential requirements and override Bert on the basis that the =
interoperability results simply do not support his claim.

The second is to shut down DNSSEC completely and immediately: stop =
wasting everyone's time and stop preventing other groups from working on =
this problem.


My vote is for the first approach.


> -----Original Message-----
> From: bert hubert [mailto:bert.hubert@netherlabs.nl]=20
> Sent: Tuesday, December 05, 2006 12:06 PM
> To: Hallam-Baker, Phillip
> Cc: Alex Bligh; shane_kerr@isc.org; Ralph Droms;=20
> namedroppers@ops.ietf.org
> Subject: Re: Pimping DNSSEC (was Re: DNSSEC - Signature Only=20
> vs the MX/A issue.)
>=20
> On Tue, Dec 05, 2006 at 07:43:41AM -0800, Hallam-Baker, Phillip wrote:
>=20
> > Absolutely nobody has made the claim that NSEC3 is too=20

> complex to be=20
> > deployed.

>=20
> Let me then make the claim that DNSSEC-bis + NSEC3 is so=20
> complex I have serious worries over its reliable=20
> implementability, especially considering the number of corner cases.
>=20
> Bert
> --=20
> http://www.PowerDNS.com Open source, database driven DNS=20
> Software=20
> http://netherlabs.nl Open and Closed source services
>=20
>=20


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: