On 13 Jul 2026, at 16:26, Petr Špaček <[email protected]> wrote: >> Clients that require integrity protection of these signals should use an >> authenticated and encrypted transport between client and resolver, such as >> DNS over TLS [RFC7858] or DNS over HTTPS [RFC8484]. See Section 6 of >> [RFC8914] for more discussion. > > Could we drop the encryption part? TSIG or SIG(0) is a fine integrity > protection, too. No need to encrypt when it's not needed.
Thanks, we will make the text more general and avoid the suggestion that encrypted transports are the only way. Joe _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
