It feels like a lot of DNSSEC questions these days are being answered by "that's covered if you use RFC 5011". If so, then maybe proper use of RFC 5011 (such as when to assume that a zone is *really* being signed, not just for practice) should be part of draft-ietf-dnsop-rfc4641bis.
--Paul Hoffman, Director --VPN Consortium _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
