Joe Abley <joe.ab...@icann.org> wrote: > > Since these are all junk domains of no global significance, it's hard to > see how they could be signed. The expectation is (as currently) that > they would not be.
And rightly so. Since it is normal (especially for the RFC1918 zones) for sites to have local versions of the zones, it is much easier operationally if the zones are not signed. If they are signed then any site that overrides them would have to distribute trust anchors to all validators, so that they are able to resolve the local names without rejecting them as bogus. If the AS112 zones are not signed then distributing trust anchors for local versions is optional, depending on whether the site wants to bother validating them. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Forties: Northwest 5 or 6, occasionally 4 later. Moderate or rough. Showers. Good. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
