On Sat, 14 Aug 2021, Paul Hoffman wrote:
> This concise list also points out a very serious terminology problem that
> affects this discussion: unsigned NS records in a response are not glue records.
I disagree. While I understand that RFC 8499 explains glue as:
Glue records: "...[Resource records] which are not part of the
authoritative data [of the zone], and are address RRs for the
[name] servers [in subzones]."
And so yes, since conveying secure transport _to_ a nameserver is not an
address RR, technically this would fall outside the definition of glue.
But clearly the spirit of the meaning of glue is that these are "any
child zone records at the parent needed to properly contact the child
nameserver", and in that sense, conveying a public key for secure
transport to the child nameserver is clearly "glue".
Paul W
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop