On Jan 6, 2021, at 16:30, Paul Hoffman <[email protected]> wrote: > > On Jan 6, 2021, at 1:19 PM, Paul Wouters <[email protected]> wrote: >> Remember also that TLS ciphers are negotiated. > > A better analogy might be "although TLS key exchange and encryption ciphers > are negotiated, the signing algorithm on the server's certificate is not > negotiated". DNSSEC signing is much more akin to the latter, I think. > >> There is no negotiation >> in DNSSEC. > > Quite right, just as there is no negotiation for the authentication in TLS.
I stand corrected. You are right. Paul _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
