I'm assuming there's a very obvious answer to this question, but what would
break if unsigned wildcard caching were covered by allowing
DNSSEC-independent NSEC (and therefore
https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse )?
$ cat zones/github.io
; apex records
github.io. 900 IN
On 11 Aug 2017, at 7:39, Matthew Pounsett wrote:
> It sounds like you're assuming that SWILD would be supported by caching
> servers that do not support DNSSEC or NSEC aggressive use. Why do you
> expect implementers would adopt SWILD before adopting these much older
> features?
This is my top
On 11 August 2017 at 01:02, Lanlan Pan wrote:
>
>> We can get even better behavior from aggressive NSEC use. Here are
>> advantages of aggressive NSEC use:
>> - does not require changes to existing authoritatives or signed zones
>> - less fragile (if we consider manual SWILD