[Dnssec-deployment] not ANY (Re: CAT is signed )
fweimer at bfk.de
Thu Jul 1 10:41:09 EDT 2010
* Paul Vixie:
>> From: Florian Weimer <fweimer at bfk.de>
>> Date: Thu, 01 Jul 2010 08:51:48 +0000
>> Anyway, this still doesn't answer the question why would you want
>> ICANN to revoke TLD delegations ...
> never said that, never wanted that, would never want that.
> all i want is for icann to be able to remove one NS RR out of an NS RRset
> under the following conditions:
Okay, I misread what you wrote, sorry about that.
Don't the trust rules in RFC 2181 suggest that this measure is not
effective at all? Even delegation-centric zones serve a positive,
authoritative answer once they are signed, and resolvers are
encouraged to make use of the authority information contained in it.
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the Dnssec-deployment