On Thursday, 5 September 2019 20:48:34 UTC Paul Wouters wrote: > [DLV] was very useful at the beginning, especially before the root was signed. > I used it to get DNSSEC from a number of TLDs and could not have done that > without DLV. me too. if the first production use of dnssec had been the day .COM was signed, then deployment would be even less advanced today than it is. > It served its purpose well, and it should be formally retired and this > document should get published. sam weiler argued unsuccessfully that trust should not be required to follow the delegation path, and with a decade or more of perspective i can see that he was right. however, DLV as specified and implemented would not be the mechanism i'd propose if non-hierarchical trust had to scale. right now private distribution of static trust anchors is working as well as it has to. -- Paul
