On Oct 25, 2023, at 10:11, Paul Vixie <[email protected]> wrote: >
[speaking as individual] > i am uncomfortable using the UPDATE RCODE for a purpose unrelated to zone > modification. perhaps propose a new RCODE having the same message form as > UPDATE? I agree. >> 2. No requirement for DNSSEC. Great as DNSSEC is, being able to automate the >> management of delegation information for *all* zones, regardless of whether >> the parent is signed or not, regardless of whether the child is signed or >> not, is an advantage. > > some years back this working group adopted a ubiquity regime for DNSSEC in > that all new specifications "must" expect DNSSEC to be in use and "should" > depend on it when in-scope functionality is needed. has that changed? I agree here as well. The longer we pretend DNSSEC is “optional” and make DNS the last protocol lacking simple spoof protection, the longer we put a brake on deployment of DNSSEC. And the longer we need to write drafts hacking around this. Paul _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
