On Thu, 22 Mar 2018, Olafur Gudmundsson wrote:
The document covers the case that different providers use different signing
algorithms BUT does not cover if they use different negative
answer approaches,
no good answer other than say NSEC with “lies”.
I think the document describes what I think of as a new and clever type
of deployment. But it reads as some kind of BCP you could read or skip,
mostly based on the title. Maybe change the title to something like
Considerations for DNSSEC multi-signer deployments
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
