>For example www.example.com pushes you a AAAA record for img1.example.com.
>Should you use it? What if it is for img1.img-example.com ? Does the
>relationship between these domains matter? What kind of relationship (i.e.
>it could be a domain relationship, or in the context of a browser it might
>be a first-party tab like relationship, etc.)? What are the implications
>of poison? Trackers? Privacy of requests never made? Speed? Competitive
>shenanigans or DoS attacks?
>
>This was out of scope for DoH.

Assuming that in the context of DoH reply size is not an issue, it seems to me that this use case is already solved by DNSSEC. Just push all required signatures, key material and DS records that allow the receiving side to validate the additional information.

Are you trying to re-invent DNSSEC for people who don't want to deploy DNSSEC?

_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop
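Added example, not part of the original message: one link of the validation the reply describes, where the receiver accepts a pushed DNSKEY only if it matches a DS record it already trusts (RFC 4034 key tag and SHA-256 digest). The function names and the sample key are constructed for illustration, and RRSIG signature verification, the other half of the chain, is not covered.

```python
import hashlib
import hmac
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire form of a domain name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(dnskey_rdata):
    """Key tag computed over the DNSKEY RDATA, RFC 4034 appendix B."""
    acc = 0
    for i, byte in enumerate(dnskey_rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, dnskey_rdata):
    """Build the SHA-256 DS (digest type 2) a parent zone would publish for this key."""
    digest = hashlib.sha256(name_to_wire(owner) + dnskey_rdata).digest()
    return (key_tag(dnskey_rdata), dnskey_rdata[3], 2, digest)

def ds_matches(owner, dnskey_rdata, ds):
    """True only if the pushed DNSKEY is the key the already-trusted DS commits to."""
    tag, alg, digest_type, digest = ds
    if digest_type != 2 or len(dnskey_rdata) < 4:
        return False  # this sketch handles SHA-256 DS records only
    expected = make_ds(owner, dnskey_rdata)
    return (tag, alg) == expected[:2] and hmac.compare_digest(digest, expected[3])

# Constructed sample data: flags=257 (KSK), protocol=3, algorithm=13, dummy 64-byte key.
SAMPLE_KEY = struct.pack("!HBB", 257, 3, 13) + bytes(range(64))
TRUSTED_DS = make_ds("example.com.", SAMPLE_KEY)  # stands in for an already validated DS
FORGED_KEY = SAMPLE_KEY[:-1] + b"\xff"            # a key the parent zone never vouched for

if __name__ == "__main__":
    # The pushed key is accepted only for the owner name and key the DS covers.
    print(ds_matches("example.com.", SAMPLE_KEY, TRUSTED_DS))
    print(ds_matches("example.com.", FORGED_KEY, TRUSTED_DS))
    print(ds_matches("img-example.com.", SAMPLE_KEY, TRUSTED_DS))
```

The check depends only on the trusted DS, not on which server pushed the key, so the same key offered under img-example.com is rejected.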
