
Re: Protection of unsecured delegations



> > I can see resolvers doing any of:
> > 
> > [a] Do the lookup and only return trusted data.  Not useful to me
> > until everyone I care about has opted in.
> > 
> > [b] If there's trusted data anywhere on the path, return the first
> > trusted answer, otherwise return the first non-trusted answer.
> > 
> > [c] Return the first name along the path for which a query returns
> > some data.
> 
> Maybe I'm the only one, but I'm sorry, I don't understand your [b] or [c].
> 
> For [b], what do you mean "return the first trusted answer" and "first
> non-trusted answer"?  I don't understand "first" in this context.

see the "search" directive of /etc/resolv.conf.

bill's examples are the first i've seen of how common applications will
benefit from dnssec.  counter proposals should look like API specifications.
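
An added example, not part of the original thread: one reading of the quoted behaviours [a], [b] and [c], applied to a resolv.conf-style "search" list. The zone data, names, addresses and the resolve() and candidates() helpers are constructed for illustration, and the search expansion is simplified (no ndots handling).

```python
# Constructed data: fully qualified name -> (address, validated).
# validated=True stands for an answer that passed DNSSEC validation ("trusted").
SAMPLE_ANSWERS = {
    "www.eng.example.com.": ("192.0.2.10", False),   # unsigned, earlier on the path
    "www.example.com.": ("192.0.2.20", True),        # signed, later on the path
    "mail.eng.example.com.": ("192.0.2.30", False),  # unsigned only
}

SEARCH = ["eng.example.com", "example.com"]  # as in: search eng.example.com example.com


def candidates(name, search):
    """Expand a relative name along the search list, in order (simplified)."""
    if name.endswith("."):
        return [name]  # already absolute, no search applied
    return [f"{name}.{suffix}." for suffix in search]


def resolve(name, search, policy, answers=SAMPLE_ANSWERS):
    """Return (fqdn, address, validated) chosen under policy 'a', 'b' or 'c', or None."""
    hits = [(fq, *answers[fq]) for fq in candidates(name, search) if fq in answers]
    trusted = [h for h in hits if h[2]]
    if policy == "a":   # [a] only return trusted data
        return trusted[0] if trusted else None
    if policy == "b":   # [b] first trusted answer if any exists, else first non-trusted
        return trusted[0] if trusted else (hits[0] if hits else None)
    if policy == "c":   # [c] first name on the path that returns some data
        return hits[0] if hits else None
    raise ValueError(f"unknown policy: {policy}")


if __name__ == "__main__":
    for query in ("www", "mail", "ftp"):
        for policy in "abc":
            print(query, policy, resolve(query, SEARCH, policy))
```

Under this reading "first" means first in search-list order: for "www", [c] picks the unsigned name earlier on the path, while [a] and [b] skip it in favour of the validated answer further along.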

