>I read the draft and like the direction of it. >It looks like you are proposing turning off a validation for domain by >the negative trust anchor.
Correct >An alternative is to insert a negative trust anchor for a particular >trust anchor. Do you mean when an alternative trust anchor is used by a validating resolver? Like the ITAR or the ISC DLV trust anchor (or for other islands where the TLD is not signed)? >In the first case there is an action required by the validator operator >to remove the negative trust anchor, >but in the second case once an >alternate trust anchor is available then the domain starts validating >again. HmmmŠ So who takes the action to create or remove the (temporary?) alternate trust anchor? - Jason _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
