> On Feb 23, 2021, at 1:08 PM, Ben Schwartz wrote:
>
> The DNSSEC Strict Mode flag appears in bit $N of the DNSKEY flags field.
> If this flag is set, all records in the zone MUST be signed correctly under
> this key's specified Algorithm. A validator that receives a Strict Mode
> DNSKEY with a
NSSEC Strict
> > Mode":
> >
> https://datatracker.ietf.org/doc/html/draft-schwartz-dnsop-dnssec-strict-mode-00
> Interesting read. Some comments:
> - Shouldn’t multiple signatures/algorithms be the exception only used
> when
> migrating to a new one? Having multiple algorithm
Moin!
On 23 Feb 2021, at 16:08, Ben Schwartz wrote:
Inspired by some recent discussions here (and at DNS-OARC), and
hastened by
the draft cut-off, I present for your consideration "DNSSEC Strict
Mode":
https://datatracker.ietf.org/doc/html/draft-schwartz-dnsop-dnssec-stri
On 23. 02. 21 16:08, Ben Schwartz wrote:
Inspired by some recent discussions here (and at DNS-OARC), and hastened
by the draft cut-off, I present for your consideration "DNSSEC Strict
Mode":
https://datatracker.ietf.org/doc/html/draft-schwartz-dnsop-dnssec-strict-mode-
On Tue, 23 Feb 2021, Ben Schwartz wrote:
Inspired by some recent discussions here (and at DNS-OARC), and hastened by the
draft cut-off, I present for your consideration "DNSSEC Strict
Mode":
https://datatracker.ietf.org/doc/html/draft-schwartz-dnsop-dnssec-strict-mode-00
Abstract:
Schwartz napsal(a):
Inspired by some recent discussions here (and at DNS-OARC), and
hastened by the draft cut-off, I present for your consideration
"DNSSEC Strict Mode":
https://datatracker.ietf.org/doc/html/draft-schwartz-dnsop-dnssec-strict-mode-00
<https:
Libor
Dne 23. 02. 21 v 16:08 Ben Schwartz napsal(a):
Inspired by some recent discussions here (and at DNS-OARC), and
hastened by the draft cut-off, I present for your consideration
"DNSSEC Strict Mode":
https://datatracker.ietf.org/doc/html/draft-schwartz-dnsop-dnssec-st