Antoin Verschuren <[email protected]> wrote: > I read the draft, and I seem to be missing a part where a domain is > intentionally insecure. Such a situation might occur f.e. in tools > investigating if DNSSEC is working properly from an end user > perspective. I can also imagine there are other situations where DNSSEC > validation is broken on purpose. So somewhere in section 7 it should > state not to use negative trust anchors for domains that are > intentionally insecure, though I wonder how this could be signalled (in > a secure way).
Do you mean insecure (no DS) or bogus (broken RRSIGs)? Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Dover, Wight: Northeast 4 or 5, increasing 6 at times until later. Slight or moderate. Fair. Moderate or good. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
