I submitted draft-fujiwara-dnsop-delegation-information-signer-00. Name: draft-fujiwara-dnsop-delegation-information-signer Revision: 00 Title: Delegation Information (Referrals) Signer for DNSSEC Document date: 2020-11-03 Group: Individual Submission Pages: 6 URL: https://www.ietf.org/archive/id/draft-fujiwara-dnsop-delegation-information-signer-00.txt
DNSSEC does not have a function to validate delegation information. I think it is a large missing peace of DNSSEC. I have a question why we did not include signature validation function to delegation information ? Probably, because it is non-authoritative information. Or, because it was difficult to define the necessary and sufficient delegation information. It is now widely agreed (although not explicitly documented) that the delegation information is the information used for name resolution and does not result in name resolution. We have a word "in-domain" glue which is the necessary and sufficient glue. And the idea may offer the signature for root priming data. If someone interested the document, I would like time slot at dnsop WG meeting. Regards, -- Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp> _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop