You would need a special resolver to _validate_ .homenet automatically using a trust anchor published by the home network. You do not need a special resolver to look up names in the homenet without validation, if there is an unsecured delegation at the root. If there is a secure denial of existence or a secure delegation at the root, then no validating resolver can look up names in the homenet domain.
On Wed, Dec 14, 2016 at 8:24 PM, John R Levine <jo...@taugh.com> wrote:

> On Wed, 14 Dec 2016, Ted Lemon wrote:
>
>> That is precisely why we need an unsecured delegation.
>>>>
>>>
>>> Except that as the [etc] said, it doesn't really solve the problem.
>>>
>> > It solves the problem of not repudiating names in the homenet.  You have
>> to have a special resolver to be able to validate them.
>>
>
> I'm confused -- if you need a special resolver to handle .homenet anyway,
> why does it matter what's in the root?
>
> R's,
> John
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop