Hi Paul, On Jul 3, 2019, at 20:40, Paul Hoffman <paul.hoff...@icann.org> wrote:
> If we want DNSSEC signing, we have to use the DNS reverse tree for the names, > even though only a tiny percent of that tree will be signed. Aside from those parts of the in-addr.arpa and ip6.arpa domains that correspond to special-use and unassigned addresses, I don't believe there's any operational or protocol reasons that both domains couldn't be completely signed today. I'm aware that is not the case, but you sound oddly definitive in your statement above. Can you say more about what you mean? Is it a prediction, or a measurement, or a mixture, or something else? Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
