To:
lewis@tislabs.com (Edward Lewis)
Cc:
mohta@necom830.hpcl.titech.ac.jp, lewis@tislabs.com, dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Fri, 14 Apr 0 1:20:37 JST
In-Reply-To:
<v03130317b51b9eca60b9@[10.33.10.14]>; from "Edward Lewis" at Apr 14, 100 1:11 am
Sender:
owner-dnsop@cafax.se
Subject:
Re: Off-tree validation
Edward; > >The answer can be: secured, not secured or unknown (because of server > >failure or DoS). > > Depends on which side you are looking at the problem from. You are not looking at the problem. > If I get an answer from a zone that has no SIG record attached, should I > seek the SIG record? If I can be reliably (securely) told that the zone > has not signatures, I will accept the answer as it is. If you need security, you can't accept the answer and the result is no different from the case of: > If I am told nothing, If you don't need security, you don't need security. > If I am told nothing, I should be able to identify the > point at which the uncertainty starts, and if I am a problem solver, I know > where to begin. There is no problem to solve, here. Masataka Ohta