On 25 Oct 2023, at 10:10, Johan Stenstam <johan.stenstam=40internetstiftelsen...@dmarc.ietf.org> wrote:

> So now there’s a new draft, that further extends the same core idea (locate
> the target for the information being sent via a DNS lookup in the parent
> zone). However, the new draft
> (draft-johani-dnsop-delegation-mgmt-via-ddns-00) proposes that instead of
> sending a NOTIFY (triggering a scan from the recipient) the child sends a DNS
> UPDATE containing the exact change with a signature that can be verified by
> the recipient.

I am not at all familiar with SIG(0), so bear with me.

What is the key distribution mechanism for the DNS UPDATE originator's public key? RFC 2931 suggests an unsigned KEY RR, I think?

Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop