>The IESG review caused a lot of text changes due to clarifications that >the IESG members wanted. Yes, much of the text did indeed change but >the authors believed the intent was unchanged at least.
Maybe the authors can explain what the text about DS processing means. I'd like to interpret that as similar to what is in the drafts upto -07. But I don't see how. Draft -07 said "Validating resolver implementations ([RFC9499] section 10) MUST continue to support validation using these algorithms as they are diminishing in use but still actively in use for some domains as of this publication." The current draft says "Validating resolvers MUST treat RSASHA1 and RSASHA1-NSEC3-SHA1 DS records as insecure." I don't see how to write a validating resolver based on this. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
