In article <alpine.lrh.2.21.1808102138510.16...@bofh.nohats.ca> you write: >I am not objecting other then having 0 desire to help out unsigned zones >replace origin >security with transport security.
The way that ZONEMD is defined in the draft, it's not very useful if the ZONEMD record isn't signed. Otherwise the malicious party can just recompute the hash over the tampered zone. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
