On 9/21/14 10:29 PM, Michael StJohns wrote:
On 9/21/2014 10:55 PM, David Conrad wrote:
Since we have to deal with a “full trust reboot” and that provides a superset of functionality to 5011, I’m still unclear as to why we care about 5011.
By the way, I just realized that the above is somewhat equivalent to "If we can just buy a new car when one breaks, then why would we need repair shops." Just saying. 5011 is the repair shop.
I'm pro-5011, and I think we should definitely be working towards a key succession strategy. (more on that later) But, we should be clear that while 5011 is the best tool we have, and will be effective for a significant percentage of end users, it won't be anywhere close to universally effective. Even things like dnsmasq, which is widely used, and recently gained DNSSEC support, will not be helped by 5011, it's still a manual process. There are (of course) many other examples. Doug