On Fri, Jun 10, 2016 at 12:24:00PM +0200, Stephane Bortzmeyer <[email protected]> wrote a message of 29 lines which said:
> I see several solutions: Kim-Minh Kaplan reminded me I forgot the most obvious one: using the X.509 security model. Certs for authoritative name servers, signed by regular CAs, with the IP address of the server in the Subject Alternative Name. Also, these solutions can be improved by solutions like automatic key pinning (see RFC 6797). _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
