On Dec 10, 2020, at 19:25, Paul Hoffman <paul.hoff...@icann.org> wrote:
> In DPRIVE, there is a desire to TLSA records to authenticate authoritative
> servers. In order to do that without getting into a chicken-and-egg loop, the
> parent needs to authenticate the NS records of the child authoritative server.

I haven't been following dprive recently. Is there a particular document that expresses the problem statement above in more detail?

"Authenticate authoritative servers" is a bit vague for me. Parent and child are namespace concepts and not relying parties that you'd ordinarily expect to be able to authenticate anything.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop