On Jun 17, 2024, at 09:52, Tim Wicinski <tjw.i...@gmail.com> wrote: > > > > On Mon, Jun 17, 2024 at 12:19 PM Joe Abley <jab...@strandkip.nl> wrote: > On 17 Jun 2024, at 17:54, Tim Wicinski <tjw.i...@gmail.com> wrote: > >> Oh that's a very good point, and does make that assumption. "will be >> valuable if root-servers.net [root-servers.net] is DNSSEC signed" does not >> make that assumption. > > It perhaps narrowly avoids one of the assumptions I mentioned but it still > warmly embraces the other one. > > I still think this text speculates about the future and I still don't know > why we think that is a good idea. > > > The more I think about this, I believe you are correct that we can not make > any assumptions about the future. > > It then feels like that last paragraph is removed. Thoughts?
The paragraph reads: If the "root-servers.net" zone is later signed, or if the root servers are named in a different zone and that zone is signed, having DNSSEC validation for the priming queries might be valuable. The benefits and costs of resolvers validating the responses will depend heavily on the naming scheme used. It is still accurate as it stands, does not lead to an assumption of what name would be signed and, more importantly, strongly indicates that the name that eventually gets signed might be different than root-servers.net. I'm not sure why we would want to remove that. --Paul Hoffman _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
