Paul Wouters <[email protected]> wrote: > > I do still have a concern that this is using its own signature schemes > embedded in the records instead of relying on DNSSEC. But I guess > that's just the world we live in now.
I wonder if it should instead be a SIG(SOA) where the signer is the primary domain, but I'm not sure what the other bits of this SIG record should say. Also, I wasn't around when DNSSEC worked like that, so there are likely to be all sorts of good reasons why this is not a fun and enticing prospect. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ no one shall be enslaved by poverty, ignorance, or conformity _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
