> On Jun 19, 2018, at 4:48 PM, Ondřej Surý <ond...@isc.org> wrote: > > > Do people think the SIG(0) is something that we should keep in DNS and it > will be used in the future or it is a good candidate for throwing off the > boat? > > Ondrej
As far as I can tell, SIG(0) is the only mechanism in DNS to ensure the question you asked is being answered as well as ensuring that all of the responses from the server are included. DNSSEC will tell you the answer you get is correct but it could be a to a different question or be incomplete. This would seem to be an important tool in the toolbox as we move forward into more private and secure DNS. Tom _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop