Indeed, I did read draft-fujiwara-dnsop-resolver-update wrong. It does try to be purely parent-centric.
> The > best an attacker can do is to spy by redirecting traffic, I think this is one of the main things the revalidation draft is trying to solve for DNSSEC signed zones. It also gives additional protection for unsigned zones. Do we want to write a BCP 'Spying is fine'? _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
