A review of: https://tools.ietf.org/html/draft-huston-kskroll-sentinel-04
This is not a blow-by-blow, nit picking review, but tries to dive into
archtecture level issues:
1. I don't think the Root Zone should be specifically called out, this
mechanism ought to work for any domain name.
The Int
On Tue, Nov 14, 2017 at 08:47:25AM +,
Viktor Dukhovni wrote
a message of 27 lines which said:
> > RCODE: SUCCESS (NODATA)
> > Extended code: ERRBLACKLIST
> > Explanation: "Client blacklisted for IPv6 queries"
>
> Well, once we're in the "lying with DNS" business, we hardly need
> to restr
On Mon, Nov 20, 2017 at 01:10:43PM +, Tony Finch wrote:
> Viktor's message has lots of sound advice, though I have one correction:
>
> > This language really should have been much more clear. In particular,
> > the last item warrants clarification. It is critical that the CA
> > determine t
On Tue, Nov 21, 2017 at 3:54 PM, Viktor Dukhovni wrote:
> On Mon, Nov 20, 2017 at 01:10:43PM +, Tony Finch wrote:
>
>> Viktor's message has lots of sound advice, though I have one correction:
>>
>> > This language really should have been much more clear. In particular,
>> > the last item warr
