[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: Scott Rose <scottr@antd.nist.gov>
Cc: DNSEXT WG Mailing list <namedroppers@ops.ietf.org>, dnssec@cafax.se
From: Roy Arends <Roy.Arends@nominum.com>
Date: Wed, 6 Jun 2001 04:03:09 +0200 (CEST)
Delivery-Date: Wed Jun 6 07:56:11 2001
In-Reply-To: <Pine.BSF.4.21.0106060250120.268-100000@node10c4d.a2000.nl>
Sender: owner-dnssec@cafax.se
Subject: Re: null DK records at the parent

On Wed, 6 Jun 2001, Roy Arends wrote:

> [cross-posted reply to dnssec@cafax.se]
> 
> On Tue, 5 Jun 2001, Scott Rose wrote:
> 
> > I haven't seen much discussion about the DK record draft on this or =
[snip]

> In any case, important is when a child is bad: 
>    only if the parent states that a child is secure, and the child can
>    not offer valid signatures. Defining valid in this case: No sigs or
>    corrupt sigs.

Eh, skip that, this should read:

In any case, important is when a child is considered bad by a
secure-resolver :
   only if the parent states that a child is secure, and the child can
   not offer valid keys or signatures. Defining invalid in this case: No
   sigs/keys or corrupt sigs/keys.

Regards,
 
Roy Arends
Nominum



Home | Date list | Subject list