Ondřej Surý <ond...@isc.org> wrote:
>
> Do people think the SIG(0) is something that we should keep in DNS and
> it will be used in the future or it is a good candidate for throwing off
> the boat?

SIG(0) is the only DNS feature that (could) allow unauthenticated client
access to an authenticated server, which would allow

* secure interface to resolver (maybe with SIG(0) + TKEY -> TSIG,
  but now probably better to use TLS or DoH)

* secure stealth secondaries (maybe TLS support would be better)

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
an equitable and peaceful international order
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
