> On Jul 29, 2015, at 8:09 PM, Wessels, Duane <dwess...@verisign.com> wrote: > > Seeing Warren's recent draft on updates of DNSSEC trust anchors encouraged > me to finish and submit what I think may be a better method for tracking > trust anchor updates. I've described an edns-key-tag option, which puts > trust anchor key tags in the EDNS OPT record. It is modeled after RFC > 6975, which is a way that clients can signal to servers the DNSSEC algorithms > that they support. > > https://datatracker.ietf.org/doc/draft-wessels-edns-key-tag/ > > Feedback would be welcomed. > > Duane W.
Duane, Question: Validator has following TA’s configured . 12345 and 23456 evil.example 9666 6669 The if the query is for verisign.com <http://verisign.com/> what TA”S are returned if the query is for www.evil.example <http://www.evil.example/>. What TA’s are returned ? Olafur
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
