In article <[email protected]> you write:
>I am against adoption for two reasons. The draft as it currently is,
>requires that domain name owners and nameserver hosting administrators
>synchronise their nameserver TLS keys.

Why wouldn't you publish multiple DS records for multiple nameserver keys, like the draft says? We have multiple DS for multiple DNSKEYs.

>Second, this method introduces a possible national MITM by the TLD being
>able to put in TLD wide DS records that might be published against the
>wishes of the children within the TLD.

I don't understand the issue. How is that any different from now? If a parent publishes a DS with a key that doesn't match a child DNSKEY, the child loses.

R's,
John

PS: I am not 100% sure I like this draft but I like it enough to adopt it and work on it.

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
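The DS/DNSKEY matching rule John relies on (one parent DS per child key is enough, and a DS that matches none of the child's keys leaves the child bogus), as an added worked example that is not part of this thread: it builds DS records the RFC 4034 way over constructed placeholder keys and checks both the multi-DS case and the mismatched case. The owner name, key bytes and the `scenarios` helper are constructed assumptions, not values from the draft.

```python
import hashlib
import struct

def wire_name(name: str) -> bytes:
    """Canonical lowercase wire-format owner name (length-prefixed labels, root byte)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, then the public key bytes."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B, algorithms other than 1)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, rdata: bytes) -> tuple:
    """DS RDATA (key tag, algorithm, digest type 2, hex SHA-256 of owner name + DNSKEY RDATA)."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def child_is_secure(owner: str, ds_set: list, dnskey_set: list) -> bool:
    """A validator needs only ONE parent DS to match ONE child DNSKEY; if none matches,
    the delegation is treated as bogus and the child loses (RFC 4035)."""
    return any(make_ds(owner, k) == ds for k in dnskey_set for ds in ds_set)

# Constructed sample: the child's DNSKEYs (key material is placeholder bytes, not real keys).
OWNER = "example."
KEY_A = dnskey_rdata(257, 13, b"\x01\x02\x03\x04")   # KSK, algorithm 13, fake key bytes
KEY_B = dnskey_rdata(257, 13, b"\x05\x06\x07\x08")   # a second key, e.g. held by another host
KEY_C = dnskey_rdata(257, 13, b"\x09\x0a\x0b\x0c")   # a key the child does NOT publish

def scenarios() -> dict:
    """Two parents: one publishes DS for both child keys, one publishes only a DS for KEY_C."""
    child_keys = [KEY_A, KEY_B]
    good_parent = [make_ds(OWNER, KEY_A), make_ds(OWNER, KEY_B)]
    bad_parent = [make_ds(OWNER, KEY_C)]
    return {
        "multiple_ds_ok": child_is_secure(OWNER, good_parent, child_keys),   # True
        "mismatched_ds": child_is_secure(OWNER, bad_parent, child_keys),     # False
    }
```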
