@mikko I do not completely agree: if the SEA had changed the DNSSEC info, it would have been detected as a botched key rollover.
@4Dgifts @bortzmeyer So, because the number of validating resolvers is (currently) low, you are recommending to not sign anything at all?
-
-
This Tweet is unavailable.
-
@4Dgifts@bortzmeyer Not prevented, but mitigated, and yes, only for people who care about DNS security. Still better than nothing. - 1 more reply
-
-
This Tweet is unavailable.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.