On Tue, Apr 6, 2021 at 11:48 AM Shumon Huque <shu...@gmail.com> wrote:
> Without DNSSEC, there is no current way to provide an indication about the > longest ancestor of the name that did exist. With DNSSEC, the NSEC or NSEC3 > records in the response can do this (as well as providing cryptographic > proof of this assertion with their signatures). > Thanks, this (and the others) is helpful. Focusing on "no current way", could the process described in RFC 8020 theoretically be amended to do so? It's fine if the answer is "no", but I'd love to understand why if that's the case. -MSK
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop