On 11/13/17, 13:30, "DNSOP on behalf of Evan Hunt" <dnsop-boun...@ietf.org on behalf of e...@isc.org> wrote:
>Mark's idea to push updates to the parent instead of relying on polling used a >SRV query to identify the correct recipient of an UPDATE: > > ...draft-andrews-dnsop-update-parent-zones-04... This would mean then signing all the SRV sets, so I assume to preserve the benefits of "OPTOUT", you'd want these only for the names that had DS sets. For the others, I assume either no answer or the wildcard ... in the TLD. (That latter thought might be unsettling to some people.) What I mean is that there is still a scaling problem, in some dimension, to deal with because the DNS is inherently a "down-only" tree.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
