On 17 Sep 2010, at 11:28, W.C.A. Wijngaards wrote:
Are you sure that we want to create a cross-dependency on the https security for the DNS security?
Depends...
This means the DNS and cert paths are no longer different trust paths.
That might or might not be a bad thing. If the One True TA is lost and needs to be re-instantiated, some sort of out of band mechanism is going to be needed. That may have to be a manual intervention. What mechanism is used will depend on local policy. I'm not sure it's wise to limit our options to HTTPS.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
