On Thu, 22 Mar 2018, Olafur Gudmundsson wrote:
The document covers the case that different providers use different signing algorithms BUT does not cover if they use different negative answer approaches, no good answer other than say NSEC with “lies”.
I think the document describes what I think of as a new and clever type of deployment. But it reads as some kind of BCP you could read or skip, mostly based on the title. Maybe change the title to something like Considerations for DNSSEC multi-signer deployments Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop