On Sep 11, 2020, at 7:23 PM, John Levine <[email protected]> wrote:
>
> In article <[email protected]>,
> Paul Hoffman <[email protected]> wrote:
>> On Sep 11, 2020, at 4:40 PM, Mark Andrews <[email protected]> wrote:
>>>
>>> and why is it a RR type at all.
>>
>> So that the answer can be signed and thus validated.
>
> It looks to me like all of the servers for a particular zone would
> have to return the same AUTHINFO, which seems like a bad idea since
> they don't necessarily all have the same features.

At this point, the only information we defined in the draft is for doing client subnet. If there are server sets for a single zone where some do client subnet, and others don't, then your concern is valid. Changing this to an uncacheable, unverifiable EDNS option is easy.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
