In article <alpine.lrh.2.21.1808102138510.16...@bofh.nohats.ca> you write:
>I am not objecting other then having 0 desire to help out unsigned zones 
>replace origin
>security with transport security.

The way that ZONEMD is defined in the draft, it's not very useful if
the ZONEMD record isn't signed.  Otherwise the malicious party can
just recompute the hash over the tampered zone.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to