"John" == John C Klensin <john-ietf(_at_)jck(_dot_)com> writes:
John> If anything, the text now says too much because introductory
John> statements like "The basic mechanism for successful use of URI
John> works..." strongly imply that use of, and reliance on, DNSSEC
John> is the only way to accomplish successful (and safe) use. The
John> current Security Considerations section could be equated to an
John> Applicability Statement that said "unless DNSSEC is used, and
John> used as specified in this document, use of the URI RR is NOT
John> RECOMMENDED". I don't think that is either intended or
John> justified.
I do think an applicability statement that says this RR is inappropriate
for situations where authentication of the accessed resource is desired
and DNSSec is not used. I think that's justified and hoped something
like that was intended by section 7.
I agree that there are uses where you don't care about the
authentication of the accessed resource where DNSSec is not required.