I propose a lightweight DNSSEC. http://www.ietf.org/id/draft-yao-dnsext-msig-00.txt which may push the dnssec to be deployed easily. :) Jiankang Yao ----- Original Message ----- From: "Stephane Bortzmeyer" <bortzmeyer@xxxxxx> To: <ietf@xxxxxxxx> Sent: Tuesday, August 31, 2010 2:41 PM Subject: DNSSEC is hard to get right >% check-sig iab.org > Name iab.org has an expired signature (20100829223019) > > :-( > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf