On Sat, May 24, 2014 at 11:58:25PM +0200, Florian Weimer wrote: > Uhm. Why insecure and not bogus?
Mark's plan includes an algorithm number change. If you're a validator and the signing algo is one you don't know, then it's an insecure delegation, not a bogus one. I note that this means that DANE type approaches won't work reliably with ENAME until everyone has upgraded validators. A -- Andrew Sullivan [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
