On Thu, 18 Apr 2013, Joe Abley wrote:
There's no protocol meaning at present for an apex DS RRSet, which means it
ought to be harmless to add one. A parent (or the parent's agent) could decide
to act upon the presence of a signed apex DS RRSet just as easily as it could
with CDS. It might as well pick up the signed NS set while it's there.
By this thinking, a signed apex DS RRSet with the meaning discussed for CDS
could be deployed today, with no need for code point assignment. What am I
missing?
Let's not repeat root-servers.net and .net on the same nameserver
leading to overly complex interpretations of old DNS clients vs new DNS
clients for DS records. Or what to serve when parent and child have a
different DS set on the same name server :)
Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
