29 May
2012
29 May
'12
7:02 a.m.
On 5/29/2012 10:27 AM, Stephane Bortzmeyer wrote:
On Mon, May 28, 2012 at 10:01:59PM +0000, paul vixie <vixie@isc.org> wrote a message of 37 lines which said:
i can tell more than that. rover is a system that only works at all when everything everywhere is working well, and when changes always come in perfect time-order, Exactly like DNSSEC.
no. dnssec for a response only needs that response's delegation and signing path to work, not "everything everywhere".
So, DNSSEC is doomed :-)
i hope not. if we had to start over on something that can protect the cache against trivial pollution and also enable new applications like DANE, we'd be ten years from first prototype instead of ten years from ubiquity. paul