On Sep 15, 2021, at 12:09 PM, John Levine <[email protected]> wrote:
> Technically I don't see any problems but I still don't understand the
> semantics of signed glue. When the glue and the authoritative disagree
> for, say, the A record of a name server, what do you do?

The wording in the draft isn't super-clear on this, but Ben's responses here and in DNSOP have been. DNGLUE contents are treated exactly like other DNS glue, meaning they are useful for the current operation only. A resolver can just forget they saw them after the current operation is complete.

> If you believe the authoritative and discard the glue, what was the benefit
> of the signed glue?

You get it in the first query, so you can find authoritative information about whether the nameservers have encrypted transports.

--Paul Hoffman
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
