On Tue, 2021-11-09 at 04:55 +0100, Peter Thomassen wrote:
> The problem occurs because bootstrapping records cannot be at the
> apex (as to not overload the meaning of apex CDS/CDNSKEY records),
> but by "inheriting" the structure under dedyn.io, a situation arises
> where this condition is not met.

Following Peter's argument, a solution that avoids hashing requires using new record types for bootstrapping in order to avoid confusion with the original meaning of CDS/CDNSKEY records. This would increase implementation work for the proposal quite a lot, as currently no changes to popular auth NS software are needed.

Nils

--
deSEC e.V. · Kyffhäuserstr. 5 · 10781 Berlin · Germany
Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop