> for instance a DoH or DoT server that intentionally or accidentally returns > false data. DNSSEC can counter that. I dont understand why. If a server intentionally returns false data , it can fake anything because it owns the private key, DNSSEC does not help either. > Indeed. That’s yet another reason why transiting trust is hard.
YES. this proposal also needs support from the root.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
