Minimizing resolver costs, cont’d There are at least three different proposals for how to improve the situation. Note that the decision of what key to trust (i.e. what key will the resolver decide to use as a “trusted-key”) is a local policy decision therefore the mechanisms that aim to minimize the effort needed do not need to affect the actual protocol therefore there is no delay in getting the DNSSEC RFCs done associated with this this can be done purely in “policy space” as opposed to “protocol space” |