Yes, but…

On Oct 31, 2014, at 10:20, Dave Lawrence <t...@dd.org> wrote:
>
> On a barely related note, qname min helps with the logical progression
> of the DNSSEC chain when a signed subdomain of a signed domain is
> hosted on the same machine. With longest match rules a full qname
> means the resolver has to infer that there's a missing link it needs
> to go back and ask about.

With long-lived keys (TTL wise) the recipient may already have a copy of the keys validating the signature that arrives. (In the dark ages we included the KEY set in each answer before we realized that it was overkill to do so. Yes, the “KEY” set - I said it was in the dark ages.)

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop