(Changing the thread subject because it now feels like much less of a hack)
On Aug 6, 2021, at 8:21 AM, Ben Schwartz <[email protected]> wrote: > Hi DPRIVE. I've written this up as a proper I-D at > https://datatracker.ietf.org/doc/html/draft-schwartz-ds-glue-00. Please > review. > > In addition to the precise description of how to extend "DS" in this way, > there's also some text explaining how this interacts with DANE and PKI > authentication, making creative use of NSEC for performance. I like this draft a lot. I suspect there will be tweaks, but I hope the WG adopts it as the way to signal in the parent. It works well for the fully-authenticated case, and is also useful for the unauthenticated case to cause more encryption. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
