ietf-wg-dnsop / draft-ietf-dnsop-domain-verification-techniques

IETF draft surveying DNS domain verification techniques.
https://ietf-wg-dnsop.github.io/draft-ietf-dnsop-domain-verification-techniques/

DNSSEC: MUST is too strong #49

Closed ShivanKaul closed 1 year ago

ShivanKaul commented 1 year ago

Use RECOMMENDED

ShivanKaul commented 1 year ago

@shuque can you take a look at the DNSSEC section in Security Considerations?

shuque commented 1 year ago

About this, right? "DNSSEC validation MUST be enabled by service providers that verify domain control validation records they have issued"

Yeah, I think "SHOULD" will be an easier sell. I could be wrong, but "MUST" will probably invite the DNSSEC opponents to bicker vigorously with the draft once it goes to wider IETF review. If the application provider doesn't or can't support DNSSEC validation, we can also recommend that they deploy compensating measures such as multi-vantage point queries, etc.

moonshiner commented 1 year ago

I agree - SHOULD is an easier sell sadly.