Hi Paul,
> On 15 Dec 2017, at 12:51 pm, Paul Hoffman <paul.hoff...@vpnc.org> wrote: > > Please see <https://github.com/APNIC-Labs/draft-kskroll-sentinel/pull/1>. > This is a small set of changes that make the draft not treat the root zone as > special. It allows the labels to be used for any zone, not just the root. > Could you please elaborate on the motivation here? I am unsure whether this is needed, or, perhaps more critically, I’m unsure if this represents a harmless general form of information disclosure (that the resolver is using local trust keys for some unspecified non-root zone). I agree the mechanics of the change in the text, and even in the code for support this are pretty minor, but I am slightly worried about the intended generality of the proposed change being a small step too far, so I am curious to understand why you are advocating this change. regards, Geoff _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop