On Mon, 14 Oct 2019, Tony Finch wrote:
> John Levine <johnl(_at_)taugh(_dot_)com> wrote:
>> Unless I missed something, CDS currently only lets you update DS records,
>> not install them initially.
>
> RFC 7344 did not include bootstrapping, but that was added by RFC 8078.
> Sadly it's more like a set of hints rather than an actual protocol...

It's just hand waving. The guys who wrote it know that, but the problem
is that there was no consensus on how to bootstrap. It's a hard problem
since it's sort of inherent that there's nothing other than a DNSSEC
signature that reliably authenticates a DNSSEC record.
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
ietf-smtp mailing list