`To follow up on this discussion, I've talked with Paul and I'm OK with leaving the last paragraph of section 3.3 in place. Joe Abley has been the only other outspoken one on this.
I have the feeling/consensus/vibes that the latest version makes the text clearer. We will discuss this with Warren later today with the opinion the document is ready to passed back to him. Please speak up if you feel otherwise tim On Mon, Jun 17, 2024 at 5:14 PM Paul Hoffman <paul.hoff...@icann.org> wrote: > On Jun 17, 2024, at 13:39, Joe Abley <jab...@strandkip.nl> wrote: > > > > Hi Paul, > > > > On 17 Jun 2024, at 21:18, Paul Hoffman <paul.hoff...@icann.org> wrote: > > > >> The paragraph reads: > >> > >> If the "root-servers.net" zone is later signed, or if the root servers > are named in a > >> different zone and that zone is signed, having DNSSEC validation for > the priming queries > >> might be valuable. > >> The benefits and costs of resolvers validating the responses will > depend heavily on > >> the naming scheme used. > >> > >> It is still accurate as it stands, does not lead to an assumption of > what name would be signed and, more importantly, strongly indicates that > the name that eventually gets signed might be different than > root-servers.net. I'm not sure why we would want to remove that. > > > > It might be technically true (although I could still nitpick about the > assumption that the root server names must necessarily live in a zone other > than the root) but I don't think it's useful. > > I find it useful, but I see that it is also off-topic for current priming. > Please note that the first sentence was actually part of RFC 8109, and I > don't remember people objecting to it then. > > --Paul Hoffman > >
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
