Hi Paul,

> On 15 Dec 2017, at 12:51 pm, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> 
> Please see <https://github.com/APNIC-Labs/draft-kskroll-sentinel/pull/1>. 
> This is a small set of changes that make the draft not treat the root zone as 
> special. It allows the labels to be used for any zone, not just the root.
> 

Could you please elaborate on the motivation here? I am unsure whether this is 
needed, or, perhaps more critically, I’m unsure if this represents a harmless 
general form of information disclosure (that the resolver is using local trust 
keys for some unspecified non-root zone).

I agree the mechanics of the change in the text, and even in the code to 
support this, are pretty minor, but I am slightly worried about the intended 
generality of the proposed change being a small step too far, so I am curious 
to understand why you are advocating this change.

regards,

   Geoff


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
