In article <cah1iciqf_iap4trtcrncoqb2s71rmhg9eeyeugendtjkexw...@mail.gmail.com> you write: >I think there will be both interest and deployment, sufficient to justify >the effort.
I hope so, but some actual comments from large DNS operators would be welcome. >root-servers.net be DNSSEC signed, but without a secure delegation. ... Do any DNS resolvers use root-servers.net? I thought they took an IP address from the local cache file and then an NS query to get the current root set. This doesn't strike me as a problem we urgently need to solve. >(Also, I think the ADoT requirements should include an assumption that ADoT >is not supported unless the nameserver name explicitly signals such at or >under the nameserver's name.) I'm not yet prepared to rule out approaches where the parent sends the signal. R's, John _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
