What precisely was the antecedent of “this” in your message? Re-reading it, I’m not clear which sentence you were referring to.
The only reasons I can think of for not keeping DNSSEC signed RRs are storage and/or performance, and we think those concerns should not be the driving force in logging requirements (within reason). Are there other good reasons not to keep the DNSSEC signed RRs associated with DNSSEC CAA lookups? -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy