Hi Paul, On 17 Jun 2024, at 21:18, Paul Hoffman <paul.hoff...@icann.org> wrote:
> The paragraph reads: > > If the "root-servers.net" zone is later signed, or if the root servers are > named in a > different zone and that zone is signed, having DNSSEC validation for the > priming queries > might be valuable. > The benefits and costs of resolvers validating the responses will depend > heavily on > the naming scheme used. > > It is still accurate as it stands, does not lead to an assumption of what > name would be signed and, more importantly, strongly indicates that the name > that eventually gets signed might be different than root-servers.net. I'm not > sure why we would want to remove that. It might be technically true (although I could still nitpick about the assumption that the root server names must necessarily live in a zone other than the root) but I don't think it's useful. I think the paragraph is at best pointless to leave in, and at worst has the potential not to age well. I agree with Tim's suggestion that the document would be improved if that paragraph was removed. Or his idea or his question or whatever it is proper for Tim to do depending on what hat he was wearing. I think any work about naming the root servers or whether the records attached to those names would be better to leave to a different, future document. Joe _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
