On 8 Jul 2014, at 16:40, Tony Finch <d...@dotat.at> wrote: > Jim Reid <j...@rfc1035.com> wrote: >> On 8 Jul 2014, at 16:14, Tony Finch <d...@dotat.at> wrote: >> >>> simply slaving the root zone doesn't give you any good way to detect >>> or recover from a corrupted zone transfer. >> >> If that's a credible threat/risk, there are ways to mitigate it. Perhaps >> v2 of this draft could discuss these. > > -01 already does: it requires the slave to validate the entire zone before > putting it into service, and it requires fallback to "legacy" non-slave > resolution.
Indeed. But you seemed to be implying that those provisions were insufficient or defective. Oh well. FWIW I wonder if "MUST validate" is good enough when there's no mention of the One True Trust Anchor which presumably should be used for that. Would out-of-band validation (handwave!) such as rsync over SSH be OK? _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
