It appears that Brian Dickson <brian.peter.dick...@gmail.com> said: >-=-=-=-=-=- > >This is the work I will be submitting in DNSOP. > >This is what has been described as a “hack”, but provides a needed validation >link for authoritative servers where the latter are in >signed zones, but where the served zones may not be signed. > >NB: It overlaps with the recent DPRIVE draft that Ben S submitted recently. > >It will likely be the case that those overlaps need to be reconciled, based on >use cases and scope.
It looks to me like the main difference between the drafts is that Ben's scheme uses one new faux algorithm and puts the rrtype inside the encapsulated data, while yours uses one per rrtype. The goals look a little different but other than where the rrtype is encoded the mechanisms look the same. In both drafts I would like to see clearer explanations of what you do when the signed glue disagrees with their authoritative non-glue versions. I'm having some trouble figuring out exactly what "authoritative" means here. R's, John _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop