On Mon, Oct 13, 2014 at 12:17 PM, Paul Wouters <[email protected]> wrote: > On Mon, 13 Oct 2014, Phillip Hallam-Baker wrote: > >> I think we can maybe clarify the charter a little here. >> >> Protecting the integrity of the messages between the stub and the >> resolver should be a requirement for any spec. > > > Yes. > >> But authenticity of the authoritative zone data is a completely >> separate problem. For that purpose we want to be able to do offline >> signing. > > > This is completely out of scope. We have DNSSEC for that.
Which is why it would be appropriate for the charter to exclude it. I want the charter definition to be precise and put out of scope only what DNSSEC actually does rather than 'authentication' in general which it does not. _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
