On Jan 6, 2021, at 16:30, Paul Hoffman <paul.hoff...@icann.org> wrote: > > On Jan 6, 2021, at 1:19 PM, Paul Wouters <p...@nohats.ca> wrote: >> Remember also that TLS ciphers are negotiated. > > A better analogy might be "although TLS key exchange and encryption ciphers > are negotiated, the signing algorithm on the server's certificate is not > negotiated". DNSSEC signing is much more akin to the latter, I think. > >> There is no negotiation >> in DNSSEC. > > Quite right, just as there is no negotiation for the authentication in TLS.
I stand corrected. You are right. Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
