To:
Scott Rose <scottr@antd.nist.gov>
Cc:
DNSEXT WG Mailing list <namedroppers@ops.ietf.org>, dnssec@cafax.se
From:
Roy Arends <Roy.Arends@nominum.com>
Date:
Wed, 6 Jun 2001 04:03:09 +0200 (CEST)
Delivery-Date:
Wed Jun 6 07:56:11 2001
In-Reply-To:
<Pine.BSF.4.21.0106060250120.268-100000@node10c4d.a2000.nl>
Sender:
owner-dnssec@cafax.se
Subject:
Re: null DK records at the parent
On Wed, 6 Jun 2001, Roy Arends wrote: > [cross-posted reply to dnssec@cafax.se] > > On Tue, 5 Jun 2001, Scott Rose wrote: > > > I haven't seen much discussion about the DK record draft on this or = [snip] > In any case, important is when a child is bad: > only if the parent states that a child is secure, and the child can > not offer valid signatures. Defining valid in this case: No sigs or > corrupt sigs. Eh, skip that, this should read: In any case, important is when a child is considered bad by a secure-resolver : only if the parent states that a child is secure, and the child can not offer valid keys or signatures. Defining invalid in this case: No sigs/keys or corrupt sigs/keys. Regards, Roy Arends Nominum