At 21:29 +0100 12/6/06, Olaf M. Kolkman wrote:

>Anyway, this all boils down to the blunt question: Should we flush all
>DNSSEC-bis work and put our bet on SO?

I don't see SO and DNSSECbis/ter as competing. They aren't solving
the same problem. So I would suggest the answer is no.

I don't see much forward momentum for DNSSEC* regardless of DLV,
NSEC3, SO, or any other factor recently debated on this list.
There's nothing standing in the way of progress, progress is just not
happening. I have seen equally little forward momentum for SO. Is
there code for it yet?

Is there evidence that the SO document's presence has stopped someone
from deploying DNSSEC*? I'm presuming not, but I wouldn't know. Has
anyone been told to hold back on DNSSECbis because there are ongoing
discussions over NSEC3, etc.? Are the distractions really
distracting or just providing an excuse?
Edward Lewis +1-571-434-5468

Dessert - aka Service Pack 1 for lunch.

to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.