In article <alpine.lrh.2.21.1808102138510.16...@bofh.nohats.ca> you write:
>I am not objecting other then having 0 desire to help out unsigned zones
>security with transport security.
The way that ZONEMD is defined in the draft, it's not very useful if
the ZONEMD record isn't signed. Otherwise the malicious party can
just recompute the hash over the tampered zone.
DNSOP mailing list