Paul Wouters wrote: > The reason I hummed against this idea is that I think it is better to > teach validators to not strip dnssec signed additional data, and just > supply the data there. > > The current document as explained today seemed to limit itself already > to in baliwick or subzone data.
Hi, I couldn't make it to IETF 96, but consider this a virtual hum against this idea also. > That seems a much simpler solution to the proposed problem. If I'm not mistaken, there's also no specification work required, either. (Besides, perhaps, specifying a RR that configures the behavior in the nameserver.) Nameservers are allowed to add “useful” RRs to the additional section, using local data. -- Robert Edmonds _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
