Seeing Warren's recent draft on updates of DNSSEC trust anchors encouraged me to finish and submit what I think may be a better method for tracking trust anchor updates. I've described an edns-key-tag option, which puts trust anchor key tags in the EDNS OPT record. It is modeled after RFC 6975, which is a way that clients can signal to servers the DNSSEC algorithms that they support.
https://datatracker.ietf.org/doc/draft-wessels-edns-key-tag/ Feedback would be welcomed. Duane W.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
