Friday, March 01, 2013 11:58 AM Tony Finch wrote: > > I'm hoping to avoid yet another too-large RRset that could cause > > problems in abuse situations. > > Hmm, I wonder if it would be enough to put only the key tag in the CDS > RDATA, That wouldn't work because you might have two keys with exactly the same key-tag. You can't be certain that the key-tag is unique.
> and let the parent calculate the DS from the corresponding > DNSKEY. Assuming that the parent knows the algorithm that the child wishes to use for his DS record. That might not always be the case. I'm more concerned that we bloat the zone apex even further so that querying for 'example.com ANY' amplifies even more. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
