On Thu, 22 Mar 2018, Olafur Gudmundsson wrote:

The document covers the case that different providers use different signing 
algorithms BUT does not cover if they use different negative
answer approaches, 
no good answer other than say NSEC with “lies”. 

I think the document describes what I think of as a new and clever type
of deployment. But it reads as some kind of BCP you could read or skip,
mostly based on the title. Maybe change the title to something like

        Considerations for DNSSEC multi-signer deployments

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to