> On Mar 25, 2019, at 3:47 PM, Olli Vanhoja <o...@zeit.co> wrote: > >> Section 3.2. discussion: Unless there's a potential benefit to non-apex >> ZONEMD records that I'm not seeing, I think it makes sense to forbid them. >> Was there a particular thing that could be enabled by that, which prompted >> the suggestion? > > I agree with this. I believe it would create unnecessary complexity. > For example, which records would such a digest cover? Would the apex > record cover also the records covered by this subdigest?
Matt / Olli, I'm not aware of anything that could be enabled by non-apex ZONEMD records. My preference would be to forbid non-apex ZONEMD records. I guess my concern was just that it means implementors need to check for this and treat the RR type somewhat specially, as they do for SOA and maybe a couple other RR types. DW
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
