Hiya,
On 26/05/2021 20:49, Eric Rescorla wrote:
As noted in my presentation, it's more than an optimization. It's an important security function in cases where the sensitive domain name is the apex.
I agree with Eric on the above. And a similar thing is true of the DS record for DNSSEC. And there's no evidence I've seen that either is remotely practical for the vast majority of 2LDs. (A few exceptional TLDs aside.) That's really a pity, and I'd love to see things improve but that's where we seem to be and have been for years. Cheers, S.
OpenPGP_0x5AB2FAF17B172BEA.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy