--On 22 January 2010 15:45:54 -0500 Edward Lewis <[email protected]>
wrote:
contents) in example.org. So, whilst opt-out should be avoided
across intervals containing secure delegations, I see no reason
to avoid it across intervals that don't contain secure delegations.
Opt-out is restricted to "intervals" that contain only unsecured
delegations.
Doh! Yes indeed. In which case I stand by my original argument: I can't
see how opt-out really increase spoofability. It can't affect
a secure delegation, and the contents of an insecure delegation
or denial thereof (if not the delegation itself) are spoofable
with or without opt-out. Paul's example of a secure delegation
with opt-out across it can't exist.
--
Alex Bligh
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
