[ksk-rollover] 答复: 答复: Architectural reconsideration on ICANN's Root Zone KSK rollover

Davey Song(宋林健) ljsong at biigroup.cn
Mon Feb 26 04:06:58 UTC 2018

Previous message: [ksk-rollover] Concerns about KSK generation software quality.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Marc and Robert, 

> > There is still risk in this. Many end users are behind NATs.

> a large majority of end users are behind IPv4 NATs.

Thanks for pointing out the weakness of this mechanism. I think DNS cookie can help in this scenario. DNS cookie is already standardized and deployed.

Davey

Previous message: [ksk-rollover] Concerns about KSK generation software quality.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the ksk-rollover mailing list