> On Jul 25, 2018, at 20:47, Ondřej Surý <[email protected]> wrote: > > > For ZONEMD, this isn’t true, as you can (in theory) feed the zone with > infinite amount of non-DNSSEC-signed > data (GLUEs, delegations) thus making the collision attack feasible.
That’s why I suggested already to add the count of the number or unsigned records to the ZONEMD record. Paul _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
