To: Miek Gieben <miekg@nlnetlabs.nl>
Cc: dnssec@cafax.se
From: Simon Josefsson <simon+dnssec@josefsson.org>
Date: Tue, 03 Jul 2001 22:26:04 +0200
Delivery-Date: Wed Jul 4 09:39:27 2001
In-Reply-To: <20010629164116.A18172@atoom.net> (Miek Gieben's message of "Fri, 29 Jun 2001 16:41:16 +0200")
Sender: owner-dnssec@cafax.se
User-Agent: Gnus/5.090004 (Oort Gnus v0.04) Emacs/21.0.103
Subject: Re: ttl problems in DNSSEC
Miek Gieben <miekg@nlnetlabs.nl> writes:

>> [1]: perhaps the resolver is able to detect this situation by
>> comparing the key tag field on S++2(A) with K++1, and then try to get
>> more recent data.
>
> then you propose that if data is BAD an extra query for the key must be
> done? I'm afraid this will yield too many extra queries...

I propose that the resolver should find the key used to sign data which
the resolver wants to verify -- in your situation the resolver would have
to do something more, because the answer from DMZ1 wasn't sufficient.
The resolver should not be satisfied until it either receives the signed
key or receives a proof that it doesn't exist. Hm. I think.
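The key tag comparison the thread turns on (does the resolver already hold the key an RRSIG names, or must it go and fetch more recent key data?), as an added Python example that is not part of the original message. It uses today's DNSKEY/RRSIG wire layout from RFC 4034 rather than the 2001-era KEY/SIG records, and every key and signature byte below is constructed, not taken from any real zone.

```python
import struct


def key_tag(dnskey_rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B, all algorithms except 1)."""
    ac = 0
    for i, b in enumerate(dnskey_rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def rrsig_key_tag_and_alg(rrsig_rdata: bytes):
    """RRSIG RDATA (RFC 4034 s3.1): type covered(2) alg(1) labels(1) TTL(4)
    expiration(4) inception(4) key tag(2) signer name, signature."""
    alg = rrsig_rdata[2]
    (tag,) = struct.unpack(">H", rrsig_rdata[16:18])
    return tag, alg


def plan_validation(cached_dnskeys, rrsig_rdata):
    """Resolver decision for one signature: return ("verify", candidates) when
    a cached DNSKEY matches the RRSIG's key tag and algorithm, otherwise
    ("fetch-key", []) -- the "get more recent key data" step from the thread.
    Key tags can collide, so all matching keys are returned for trial verification."""
    tag, alg = rrsig_key_tag_and_alg(rrsig_rdata)
    # DNSKEY RDATA: flags(2) protocol(1) algorithm(1) public key; k[3] is the algorithm
    candidates = [k for k in cached_dnskeys if k[3] == alg and key_tag(k) == tag]
    return ("verify", candidates) if candidates else ("fetch-key", [])


# Constructed sample keys: flags, protocol 3, algorithm 8, short fake key material
KSK = bytes([0x01, 0x01, 3, 8]) + bytes([1, 2, 3, 4])    # key tag 2063
ZSK = bytes([0x01, 0x00, 3, 8]) + bytes([0x0A, 0x0B])    # key tag 3603


def make_rrsig(key_tag_value: int, alg: int = 8) -> bytes:
    """Constructed RRSIG RDATA covering an A record, signed by the given key tag."""
    header = struct.pack(">HBBIIIH", 1, alg, 2, 3600, 0x60000000, 0x5FFF0000, key_tag_value)
    signer = b"\x07example\x00"          # "example." in wire format
    return header + signer + b"\xde\xad\xbe\xef"   # placeholder signature bytes


if __name__ == "__main__":
    print(plan_validation([KSK, ZSK], make_rrsig(3603)))   # verify with ZSK
    print(plan_validation([KSK], make_rrsig(3603)))        # fetch-key: key not cached
```

A real validator also checks that the candidate key came from the RRSIG's signer zone; this example assumes all cached keys belong to that zone.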