On May 28, 2021, at 11:30 AM, John Levine <jo...@taugh.com> wrote:
> Bonus question: why is the reply a new EDNS option rather than just adding
> the SOA record to the additional section? If you do that you can add RRSIG
> to show you're telling the truth.

Because SOA does not now normally appear in the Additional section, and because the Additional section does not normally have RRSIGs. Proposing a new EDNS0 option causes much less epistemological grief than extending the semantics of the Additional section.

Having said that, I believe that a possible draft-ietf-dnsop-additional-section-as-kitchen-sink is actually a good idea. If the WG like it, "SOA of this response" and "signed SOA of this response" would certainly fit there.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop