The reason I hummed against this idea is that I think it is better to teach validators to not strip DNSSEC-signed additional data, and just supply the data there.
The current document, as explained today, seemed to limit itself already to in-bailiwick or subzone data. That seems a much simpler solution to the proposed problem.

Paul