On 9/28/20 11:03 AM, Lennart Poettering wrote:
So far we side-step the DO issue by returning a clean error when
clients set DO: "not implemented", plus a log message in syslog with
more info. I'd argue that for the vast majority of users this is
perfectly enough. Because IRL client-side DNSSEC doesn't really exist
outside of some very specific circles of DNS nerds, I guess.
Do you mean, "professionals for whom security is a primary job function?"
As other list members have already been asked to avoid making this
conversation personal, can we *all* not make it about the people, please?