On Feb 12, 2019, at 10:03 PM, zuop...@cnnic.cn wrote: > that's ture. but in my view, if the trust chain is built, we can ensure a > resolver(or a cache) is always talking to a identified server and the channel > is always secure, then the content could not be tampered.
Your model of how the DNS actually works is too simplistic. Regards, -drc
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
