In article <alpine.lrh.2.21.1905151256480.22...@bofh.nohats.ca> you write: > 3. Retrieving Resolver Information by Well-Known URI > >You offer a non-DNS method that can deliver (channel) authenticated >answers, but you don't allow DNSSEC (data origin) authenticated answers?
It's information about the resolver. What's the data origin for info about the resolver at some random IP address? If there's some way to get a validated SSL cert for an IP address you can at least have some confidence that the URI served from the IP is under the same control as the resolver on that IP. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop