In article <CADZyTk=y5RC3_mEROYF0mro0=ndxs3qbgsh7nuj6kglwogj...@mail.gmail.com> 
you write:
>
>My understanding of the draft is that it attempts to prevent a key from
>signing a RRset it is not necessarily authoritative for.

If that's what it means, that's what it should say.  As I read it, the flag
it defines says that the zone will only sign NS and DS and perhaps the
occasional _flag.

The 95,000 signed A and AAAA records I found in TLD files are all
authoritative, since there is no zone cut between them and the TLD.
But that's over 200 TLDs which this proposal would not apply to.

Perhaps we should ask some TLD operators if they'd be interested.


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
