On Dec 15, 2016, at 11:05 AM, Jacques Latour <jacques.lat...@cira.ca> wrote: > Where do you delegate homenet to? Advanced DNSSEC validation may check for > proper delegation?
I think we should ask ICANN to set up an unsecured delegation of .homenet to the AS112 servers. In order for names under .homenet to be validated by DNSSEC, it would be necessary for the validating resolver to have a trust anchor for any homenet on which it wants to do validation, and a means of differentiating between homenets so that it doesn’t use the wrong key to validate. But that’s out of scope for this discussion: the point of this discussion is simply to figure out whether we want to do the hard thing or the easy thing: .homenet or home.arpa.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
