On 27September2010Monday, at 7:48, Tony Finch wrote: > On Fri, 24 Sep 2010, Phillip Hallam-Baker wrote: >> >> DNSSEC is a mechanism for establishing inter-domain trust. It is not an >> appropriate technology for intra-domain trust. > > Why not? Because the "atomic" unit of DNSSEC is a domain/zone/delegation, not a specific RRset. Everything in a domain has the exact same threat model. --bill > > Tony. > -- > f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/ > HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7, > DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR > ROUGH. RAIN THEN FAIR. GOOD. > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf