Mark,

On Wed, Mar 05, 2014 at 08:58:23PM +1100, Mark Andrews wrote:
> a bit of flip flop but most of the time one is just "On WiFi" at home or

The point is that we're designing a protocol, and "most of the time"
won't be good enough to avoid support calls to the ISP help desk.  ISP
margins are thin enough that it would be a bad thing to build a
specification that encourages that even rarely.

> I really don't see this as being an issue in practice.  Just sign
> the zone (all versions) in the house with the same keys.  Stop with
> this nonsense idea that you shouldn't sign the internal version
> when you are signing the external version.

Mark, you're at least jumping ahead to implementation and at worst
begging the question.  We started with a proposal that did signing in
the ISP's server.  I was pointing out the consequences of that for
DNSSEC.  One of the possible solutions is that the "internal version"
is unsigned.  It would be careless not to list that as one of the
possibilities, even if I think that's a foolish outcome.  We have to
list the possibilities we don't like, too, or else we won't have a
clear picture of what we're talking about.

Best regards,

A

-- 
Andrew Sullivan
a...@anvilwalrusden.com

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
