On 2023-03-28 05:51 -07, Paul Vixie <paul=40redbarn....@dmarc.ietf.org> wrote: > see inline. > > Viktor Dukhovni wrote on 2023-03-27 18:00: >> [ Multi-response to four upthread messages. ] >> ------- >> ... >> A possibly inconvenient question, just to make sure we're not >> ignoring >> the obvious sceptical position: >> * How compelling is compact DoE? > > that may depend on the beholder's eye. for perspective, no root name > server has deployed this alternative form of Denial of Existence, and > i believe this includes the f-root anycast instances operated by > cloudflare under ISC's management. root name servers receive an awful > lot of junk, and aren't in general overfunded, so if compactness of > DoE was compelling for anybody, it seems like it would be for > them. yet:
It would be scary if any of the root name servers could deploy this because that meant that they have access to the zone signing private key. Which they don't. -- In my defence, I have been left unsupervised. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
