Open CBonnell opened 2 years ago
This was discussed on the 2022-07-28 call.
There was a lack of interest in prioritizing this item.
This was discussed again on the 2023-10-19 call. There was rough consensus that we should keep this in the backlog, as there may be some security value in requiring this. However, the MPIC/MPDV work may lessen any additional benefit derived from mandating DNSSEC verification.
Consider removing exceptions for DNSSEC failures on CAA lookup, and fail-closed instead.