On 28. 06. 22 16:20, Bob Harold wrote:
> But the parent NS set is not covered by DNSSEC, and thus could be
spoofed??
> (Wish we could fix that!)
I share your wish.
Does anyone else want to contribute?
Can people here share their memories of why it is not signed? I wasn't
doing DNS when this was designed and I think it would be good to
understand the motivation before we start proposing crazy things.
Thank you for your time.
--
Petr Špaček
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
