On Wed, Nov 26, 2008 at 10:50:56AM -0500, Russ Housley wrote: > I have been approached about a plenary experiment regarding > DNSSEC. The idea is for everyone to try using DNSSEC-enabled clients > during the plenary session. I like the idea. What do others think? I agree with others' views that validation alone is not very helpful and some frequently queried for domains' zones should be signed as part of that experiment. By IETF74, the IANA (I)TAR might also be available as one source of TLD trust anchors. Still that date might be too early to encourage end system validation, so adding validation and an "interesting" set of TAs to the meeting's recursive name servers is another option, even if on the WLAN we can't trust the path between stub and recursive resolver. However, I'd hope the limited time did not imply the proponent(s) offered a demonstration during the plenary ... Central resolvers would also provide for "easy" access to raw data for statistics purposes. -Peter _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf