On 2014-02-07, at 13:18, Doug Barton <[email protected]> wrote: > On 02/07/2014 10:14 AM, Warren Kumari wrote: > >> We are not allowing zones to go from unsigned to signed: > > Right, and because it says not to do it in the RFC no one is going to do it? > :)
I don't see how it would work. The parental agent has no automated way to trust the C* RRSets published in a zone with no secure delegation from its parent. Joe
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
