John Dickinson <j...@sinodun.com> wrote: > > I have been planning to write a draft to address 1 by having validators send > the DS of known TA's in an edns0 option code. This info, could then be logged > by the authoritative nameservers.
Good idea, though just the key tags should be enough. (I think key management software ensures that tags don't collide.) If you only include the EDNS option when querying for the DNSKEY RRset then that tells the server which zone to the trust anchor key tags belong to. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Forties, Cromarty, Forth, Tyne, Dogger: South or southeast 4 or 5, increasing 6 at times. Slight or moderate. Mainly fair. Moderate or good. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop