On Tue, Aug 10, 2021 at 1:55 PM Paul Hoffman <paul.hoff...@icann.org> wrote:
> Greetings again. In the DPRIVE WG, we are discussing a proposal that would
> make encrypting transport on a first lookup more likely using a DS hack.
> Whether or not that becomes a WG item in DPRIVE, it reminded me that DNSOP
> had not finished with draft-ietf-dnsop-ns-revalidation, and that this draft
> could be expanded beyond revalidating just NS RRsets to revalidating all
> glue.
>

Paul, I think that's a reasonable thing to consider (and I suspect some resolvers may already revalidate glue), as long as it's done lazily (or in parallel) and doesn't interpose additional delay in following a referral. I'll await other comments ..

But I'm trying to better understand the connection to the DS hack draft (I've not followed it very closely, I'll admit). Does it require or benefit from glue revalidation? Isn't the child zone owner explicitly putting its NS name and addresses into the hacked DS record at the parent?

> Given the results of the survey and the possible cross-WG interest, I'd
> like to see draft-ietf-dnsop-ns-revalidation moved forward in DNSOP sooner
> rather than later.
>

I'm working on the remaining loose ends and plan to push another update soon.

Shumon.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop