On Tue, Apr 10, 2018 at 11:32:18AM +0100, Tony Finch wrote:
> Before the root zone was signed, [isc.org](https://www.isc.org)
> created a mechanism called "DNSSEC lookaside validation", which
> allowed "islands of trust" to publish their trust anchors in a special
> `dlv.isc.org` zone, in a way tha
I posted the following on my blog yesterday evening, but I'm posting a
tweaked copy here since this WG is the main target audience.
In order to improve the robustness of Cambridge's DNSSEC setup, I want a
revamped, localized DLV to act as an enterprise trust anchor distribution
mechanism.
Kind-of