To:
dnssec@cafax.se
From:
Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date:
Mon, 10 May 2004 11:46:23 -0400
In-Reply-To:
Message from Jim Reid <jim@rfc1035.com> of "Mon, 10 May 2004 16:14:56 BST." <9632.1084202096@gromit.rfc1035.com>
Sender:
owner-dnssec@cafax.se
Subject:
Re: dnssec: resolver - application communication
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jim" == Jim Reid <jim@rfc1035.com> writes:
Jim> I agree. And if something gets a SERVFAIL, how's it supposed to figure
Jim> out if that was or wasn't caused by a validation failure?
David> A better question might be:
David> * Must (Should?) applications be able to distinguish
David> between DNSSEC related failure and other forms of failure?
Jim> This is a very good question. And the answer is yes IMO.
Yes, yes, yes.
SERVFAIL is NOT enough. I've been saying that over and over again for
some time now :-)
Chairs:
I would like to suggest that this is a big piece of work, and that it
should be split into into a seperate effort. We keep coming back to
this, and it needs to be resolved, but I don't think it needs to hold
up rfc2535bis.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQJ+jzoqHRg3pndX9AQHKkwQAwJ8EzUFlr9o/rYJa7z8wFpe8rnVwSG6+
O3LnH8E+J3Oqpun2vRYnVnRVEx9pCIeFuhY+tOosQk1zDE62Qb6KEbKC6Y4mS0Jf
Ba3kxZPqncHWXNzJxwTYRRTAJh4U76b08ewooahvfclWtyT7u8P238g4F1iiDBep
tbtuskbpwXk=
=vcLX
-----END PGP SIGNATURE-----