On Mon, Mar 19, 2018 at 07:49:45PM +0000, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote a message of 30 lines which said:
> The 'delegation-only' flag does not *by itself* prevent parent > domains from answering authoritatively for their child domains, but > it could make "certificate-transparency" more tractable for DNSSEC. I don't think that you replied to Bob's remark. He said that the proposal is useless because it addresses only the case of "answering authoritatively for their child domain", not the "directing child domain to someplace". > Without the proposed flag, one would also have to log denial of > existence There is no denial of existence in the attack explained by Bob. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
