John, all, > In particular, is there any good reason why validators should ever have their > TA configured in a non-RFC5011 state (i.e. using trusted-keys clause in BIND > or trust-anchor-file or trust-anchor clauses in Unbound)?
thanks for your suggestion. The PROTO writeup for 4641bis is in the makings and the WG has reached consensus concerning the scope and content of the draft, therefore it is too late now to add another aspect, also given the considerable length of the document. > Since there is no RFC5011 signalling mechanism, validator operators should > always assume that the TA may be under RFC5011 control and always use the > managed-keys clause in BIND or auto-trust-anchor-file clause in Unbound. I'd suggest we discuss this in a different thread. -Peter _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
