On 15/02/2021 22:58, Eric Rescorla wrote:
> I don't recall. My sense was that people didn't like it being WebPKI rather than DNSSEC, but maybe there's some more fatal reason? If so, I'd certainly appreciate a link to that shooting down.

Forget, sorry. Can look tomorrow or maybe someone'll beat me to it - best I recall is maybe that renaming loadsa NSes is a non-starter, and getting that into the parent zone is a double non-starter. Even if you somehow did it alongside the current NS names for a while, load-balancing may break whenever a non-supporting recursive randomly lands on the <sentinel>.example.org instance. Something like that anyway IIRC.

S
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
