Hi,

> This implies extra infrastructure to generate and securely transmit <secret>
> between the parent and child, and administrative activity to set this up
> somehow.
>
> The publication method does not imply any administrative action other than
> updating the DNS software and activating the DNSSEC feature.

Maybe I am missing something here, but with the publication method you also have the bootstrap that has to happen out-of-band. Meaning I, as a child, will always have to provide my parent in a secure way (which is not established by then) with my initial (C)DS record. Why not use that step to perform the above-mentioned exchange?

Regards,
Wolfgang

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop