DNSSEC mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: dnssec@cafax.se
From: Rob Austein <sra@hactrn.net>
Date: Mon, 10 May 2004 17:57:27 -0400
In-Reply-To: <16825.1084224745@marajade.sandelman.ottawa.on.ca>
Sender: owner-dnssec@cafax.se
User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0 (SAKAKI)
Subject: Re: dnssec: resolver - application communication

perhaps michael now understands why i jumped up and down about fixing
the definition of the cd bit in dnssecbis.  the rfc2535 definition was
sufficiently quirky that its only real effect was to give a recursive
name server permission not to check sigs if wanted to save the effort.
the handling in dnssecbis is different: cd is a statement by the
resolver that it intends to do its own sig checking, and that the
recursive name server should therefore stay the heck out of its way.

please see the handling of the cd bit as specified in the bis drafts,
and if -that- is wrong, please tell us asap.

Follow-Ups:
- Re: dnssec: resolver - application communication
  - From: Miek Gieben <miekg@atoom.net>

References:
- dnssec: resolver - application communication
  - From: Miek Gieben <miekg@atoom.net>
- Re: dnssec: resolver - application communication
  - From: Mike StJohns <Mike.StJohns@nominum.com>
- Re: dnssec: resolver - application communication
  - From: Miek Gieben <miekg@atoom.net>
- Re: dnssec: resolver - application communication
  - From: David Blacka <davidb@verisignlabs.com>
- Re: dnssec: resolver - application communication
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: dnssec: resolver - application communication
Next by Date: Re: dnssec: resolver - application communication
Prev by thread: Re: dnssec: resolver - application communication
Next by thread: Re: dnssec: resolver - application communication
Index(es):
- Date
- Thread

Home | Date list | Subject list