* Stephane Bortzmeyer: > OK, so there is nothing that can be done at the registry level. Doesn't the DNSSEC-based mitigation rely on RRSIGs whose validity does not extend too far into the future?