Hi all
It seemed that the objective (or an objective) of what is desired is for
a webpage to have an <img src=""> and also push an address record for
the hostname in the src URL.
We talked about DNSSEC and certificate signing and such. If the host
serving this webpage to the browser has control over the webpage's
content (e.g., the contents of that src attribute), and the webpage's
contents are already authenticated by TLS, then why does an address
record have to be separately authenticated?
Why can't the webpage contain the addresses of the hostname in the URL,
in another attribute of that element? Does it have to be separately
signed via DNSSEC and certificates? The webpage can tell the browser to
fetch the img resource from anyplace it wants to - it can very well
specify an IP address instead of the hostname - the webpage controls
it. Why can't it, for *that* element, provide the target address in an
attribute without any additional signatures, given that the webpage's
content itself is authenticated via TLS?
Mukund
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
