On Wed, Feb 17, 2010 at 11:01:38AM -0500, Phillip Hallam-Baker wrote: > One mechanism that was unfortunately pushed asside as a result of the > fixation on end to end DNSSEC would be to for the resolver to use > DNSSEC (and other methods) to authenticate the data it receives and to > use some modification of TSIG to authenticate the communication > between client and resolver. Whatever made you think that had been "pushed aside"? And it seems to me SIG(0) will work better. A -- Andrew Sullivan ajs@xxxxxxxxxxxx Shinkuro, Inc. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf