>> The point is that the current policy for the root precludes an
>> unsecure delegation.
>
>Huh?  If by "insecure delegation" you mean "no DS record", then there are plenty
>such delegations right now:

No, I think the point is that you want the equivalent of an NSEC3
opt-out, but the root is currently signed with NSEC.

Having said that, I don't see why this name is any different from
other special names.  If you want your cache to return DNS answers for
any of them, you have to add special cases.  My cache (unbound)
already does for localhost names.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
