Hi all,

I have been thinking of a way to authenticate DoT servers for delegations that cannot be validated using DANE as described in Stephane’s draft https://tools.ietf.org/html/draft-bortzmeyer-dprive-resolver-to-auth-01

The idea is to leverage both DNSSEC and SPKI to authenticate a zone but by relying on the parent to validate the public key. I have documented it at https://datatracker.ietf.org/doc/draft-bretelle-dprive-dot-for-insecure-delegations/

Feedback is welcomed.

Thanks
Manu
_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
