On Fri, 7 Oct 2022, Paul Hoffman wrote:
On Monday, I'll do a new draft with:
What we today call "DNSSEC" is the DNSSEC specification defined in {{RFC4033}},
{{RFC4034}}, and {{RFC4035}}.
However, earlier incarnations of DNSSEC were thinly deployed and significantly
less
visible than the current DNSSEC specification.
"s/and significantly less visible than the current DNSSEC specification/was
never deployed beyond early adopter testing domains
as it had no method of linking parent and child zones securely"
Wording could be changed, but the point is, it could never be
"production deployments" as it required hardcoded keys to build
a path of trust.
Perhaps even:
DNSSEC documents predating {{RFC4033}}, {{RFC4034}}, and {{RFC4035}}
specify obsoleted DNS RRtypes that never saw deployment beyond early
adopter testing, and haven't been deployed in nearly two decades,
and are of no concern to implementers.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
