This is the work I will be submitting in DNSOP.
This is what has been described as a “hack”, but provides a needed validation
link for authoritative servers where the latter are in signed zones, but where
the served zones may not be signed.
NB: It overlaps with the recent DPRIVE draft that Ben S submitted recently.
It will likely be the case that those overlaps need to be reconciled, based on
use cases and scope.
I think there are valuable use cases other than privacy, which would make this
more appropriate for DNSOP.
Comments are welcome.
The draft can be found at:
https://www.ietf.org/archive/id/draft-dickson-dnsop-ds-hack-00.txt
Brian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop