On 2014-02-07, at 14:22, Warren Kumari <[email protected]> wrote: > On Fri, Feb 7, 2014 at 2:12 PM, Joe Abley <[email protected]> wrote: > >> On 2014-02-07, at 13:18, Doug Barton <[email protected]> wrote: >> >>> On 02/07/2014 10:14 AM, Warren Kumari wrote: >>> >>>> We are not allowing zones to go from unsigned to signed: >>> >>> Right, and because it says not to do it in the RFC no one is going to do >>> it? :) >> >> I don't see how it would work. The parental agent has no automated way to >> trust the C* RRSets published in a zone with no secure delegation from its >> parent. > > No no no... You don't see how it would work *securely*.
Fair enough. I had taken that as a given, but you're right, it makes sense to spell it out. Joe
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
