On Sep 11, 2020, at 7:23 PM, John Levine <jo...@taugh.com> wrote:
>
> In article <92ca6178-fe2d-407e-97fb-a9e44e264...@icann.org>,
> Paul Hoffman <paul.hoff...@icann.org> wrote:
>> On Sep 11, 2020, at 4:40 PM, Mark Andrews <ma...@isc.org> wrote:
>>>
>>> and why is it a RR type at all.
>>
>> So that the answer can be signed and thus validated.
>
> It looks to me like all of the servers for a particular zone would
> have to return the same AUTHINFO, which seems like a bad idea since
> they don't necessarily all have the same features.

At this point, the only information we defined in the draft is for doing client subnet. If there are server sets for a single zone where some do client subnet, and others don't, then your concern is valid. Changing this to an uncacheable, unverifiable EDNS option is easy.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop