On Feb 27, 2019, at 10:57 AM, Stephen Farrell <[email protected]> wrote: > Yep. After both domains have DNSSEC, then this could all be > simpler. Before they do, there may be value in the sigs though > see John's simplification suggestion at [1].
If they don’t have DNSSEC, what’s the point of saying the domains are related anyway? What are the security properties of such an assertion when the content of the zones can’t be validated?
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
