[ksk-rollover] 答复: 答复: Architectural reconsideration on ICANN's Root Zone KSK rollover
Davey Song(宋林健)
ljsong at biigroup.cn
Mon Feb 26 04:06:58 UTC 2018
Hi Marc and Robert,
> > There is still risk in this. Many end users are behind NATs.
> a large majority of end users are behind IPv4 NATs.
Thanks for pointing out the weakness of this mechanism. I think DNS cookie can help in this scenario. DNS cookie is already standardized and deployed.
Davey
More information about the ksk-rollover
mailing list