But is it really used like this? Or will it ever?

Ondrej
--
Ondřej Surý
ond...@isc.org

> On 19 Jun 2018, at 23:04, Tony Finch <d...@dotat.at> wrote:
>
> Ondřej Surý <ond...@isc.org> wrote:
>>
>> Do people think the SIG(0) is something that we should keep in DNS and
>> it will be used in the future or it is a good candidate for throwing off
>> the boat?
>
> SIG(0) is the only DNS feature that (could) allow unauthenticated client
> access to an authenticated server, which would allow
>
> * secure interface to resolver (maybe with SIG(0) + TKEY -> TSIG,
>   but now probably better to use TLS or DoH)
>
> * secure stealth secondaries (maybe TLS support would be better)
>
> Tony.
> --
> f.anthony.n.finch <d...@dotat.at> http://dotat.at/
> an equitable and peaceful international order

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop