On Dec 10, 2020, at 4:14 PM, Mark Andrews <ma...@isc.org> wrote: > > Before going on I would really like to know what operational problem is being > attempted to be solved by signing delegating information? > > Fujiwara-san has presented the draft without specifying what problem it is > attempting to solve. The fact the records are not signed is a observation > not a problem per say.
Asking for stated use cases! Yay! In DPRIVE, there is a desire to TLSA records to authenticate authoritative servers. In order to do that without getting into a chicken-and-egg loop, the parent needs to authenticate the NS records of the child authoritative server. If child NS records were already signed in the parent, that solves this use case. They aren't, so we're thinking of ways to authenticate child NS records from the parent. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop