>>> And yes, this will fail if any of the loopback drafts are deployed. >> Sorry, I must be missing something obvious. Why? > As to why, perhaps I am missing the obvious, but if SUDSTA proceeds, does it > matter if the origin IP of the root zone being served > is sporadically distributed? It seems that one could not presume to have > the data to assert the penetration of the new keys nor the > origin of the stale keys, if that information was diffused through the IP > address space.
Ah. I thought when you said 'will fail', you meant the scheme itself wouldn't work. Yes, we won't be able to see anyone who does root-loopback, but that is no different than the existing situation, right? Regards, -drc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
