Andrew Sullivan wrote:
If you establish a policy for one concern, should you care about other impact of the policy?On Tue, Oct 27, 2009 at 11:51:11AM -0400, Thierry Moreau wrote:The DNS root signature deployment plan includes a gradual roll-out phase during which the policy should be (must be?) to prefer insecure over bogus in a case where the protocol allows either.Surely that's not exactly relevant to the case under discussion, because there can't possibly be a downgrade for the root due to some higher-level intermediate insecured zone. Right? A
- Thierry