|
|
|
|
|
|
by tptacek
3 hours ago
|
|
|
I came to this thread with data. Your 20-at-the-moment DNS domains versus the current signing statistics of the Tranco Top 1000. At the point where we're arguing about fail-open versus fail-closed, our premises are too far apart to get anywhere. We can part company here: I'm speaking, in part, for the people who believe that any viable security protocol must fail closed. Plenty of security protocols have ultimately failed in the marketplace and been abandoned. DNSSEC is simply another one of them. |
|
|