On Apr 29, 2020, at 7:27 PM, Mark Andrews <ma...@isc.org> wrote: > provably insecure: proved no DS records at a delegation at or above the > name, proved that there are only > unsupported algorithms in the DS RRset at a delegation at or above the > name, not under a trust-anchor.
When I’m talking about an unsigned CNAME, this is what I mean.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop