On Tue, 29 Oct 2019, Neil Cook wrote:
FWIW, I've previously stated a preference for dropping the use of ".well-known" entirely, and using draft-00's "resolver-info.arpa" name instead of reverse-IP, in order to improve support for passive forwarders. I understand this was changed in the hope of offering some kind of security here with DNSSEC, but I think it's unlikely to work in practice, and we're better off keeping things simple.

I completely agree. I’d much rather see something like "resolver-info.arpa" instead of reverse-IP.
Throwing DNSSEC under the bus for a "simpler" name seems rather excessive. I for one would like to see DNSSEC in the reverse support when possible. For a future where not everything is chained to a single all-powerful LetsEncrypt root CA.

Paul
