[as an individual]
On 7/10/18 9:59 AM, Paul Wouters wrote:
It seems more like an extension of the Public Suffix. Which domains can
make claims about other domains.
Based on the conversation that took place in DoH in Singapore, I think
it's mostly *not* about this. The questions that have come up so far
include: (a) If the record that is pushed to me is DNSSEC signed, is
that sufficient to trust it? (b) If the record that is pushed to me is
not DNS signed, but I'm using it in a context that requires TLS (e.g.,
HTTPS), and the thing that I connect to when I use the record can
present a cert that proves its identity, is that okay?
There *might* be some useful discussion that includes applying the PSL
to determine who can vouch for what, but I would expect this to be of
significantly lower priority; and, given DBOUND's recent failure, I
doubt there's useful IETF work to be done in that space, at least for
the time being.
/a
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
