Re: DNSSEXT Yokohama Minutes
> >it's starting to seem to me that answers containing NXT should include an
> >SOA in the authority section. (even though that means nonauthoritative
> >servers will have to cache them, which today is illegal.) when new secure
> >(verified) data arrives with a later SOA.SERIAL, all the older cached data
> >for that zone becomes invalid.
>
> NXT's are already supposed to only be signed by the zone key. Isn't
> that sufficient to identify the authority - or is there something
> else needed out of the SOA RR RDATA?
if there's enough info in the signature to be able to tell what other cached
data you should preexpire, then no. however, i don't think that's the case;
all you can know, afaik, is that the records you're holding were signed less
recently than the records you're now receiving.
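As an added illustration (not code from this thread or from any DNS implementation), the following toy cache models the scheme sketched in the quoted message: each cached RRset is tagged with the SOA.SERIAL carried in the authority section of the verified response that delivered it, and when verified data from a later serial arrives, every older entry for that zone is pre-expired before the new data is stored. Serial comparison uses RFC 1982 serial-number arithmetic so a wrapped 32-bit serial still orders correctly. The zone name, record contents and the `Cache` class are constructed for this example and are assumptions, not anything from the original post.

```python
# Toy model of "SOA serial in the authority section" cache invalidation.
# Constructed example: zone names, rdata and the Cache API are not from any
# real resolver; they exist only to show the mechanism described in the thread.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SERIAL_BITS = 32
SERIAL_HALF = 1 << (SERIAL_BITS - 1)


def serial_lt(a: int, b: int) -> bool:
    """True if serial a is older than serial b under RFC 1982 arithmetic."""
    a &= (1 << SERIAL_BITS) - 1
    b &= (1 << SERIAL_BITS) - 1
    return (a < b and b - a < SERIAL_HALF) or (a > b and a - b > SERIAL_HALF)


@dataclass(frozen=True)
class CachedRRset:
    name: str
    rtype: str                 # e.g. "A", "NXT"
    rdata: Tuple[str, ...]
    zone: str                  # zone whose key signed the data
    soa_serial: int            # SOA.SERIAL from the response's authority section


class Cache:
    def __init__(self) -> None:
        self.rrsets: Dict[Tuple[str, str], CachedRRset] = {}
        self.newest_serial: Dict[str, int] = {}   # zone -> newest verified serial seen

    def insert(self, rr: CachedRRset) -> bool:
        """Cache a verified RRset; returns False if it is older than data already held."""
        newest = self.newest_serial.get(rr.zone)
        if newest is not None and serial_lt(rr.soa_serial, newest):
            return False                             # stale relative to the cache
        if newest is None or serial_lt(newest, rr.soa_serial):
            self.newest_serial[rr.zone] = rr.soa_serial
            self.preexpire(rr.zone, rr.soa_serial)   # older zone version is now invalid
        self.rrsets[(rr.name, rr.rtype)] = rr
        return True

    def preexpire(self, zone: str, serial: int) -> int:
        """Drop every cached RRset of `zone` tagged with a serial older than `serial`."""
        stale = [k for k, v in self.rrsets.items()
                 if v.zone == zone and serial_lt(v.soa_serial, serial)]
        for k in stale:
            del self.rrsets[k]
        return len(stale)

    def lookup(self, name: str, rtype: str) -> Optional[Tuple[str, ...]]:
        rr = self.rrsets.get((name, rtype))
        return None if rr is None else rr.rdata


def demo() -> dict:
    """Walk through the scenario from the thread with constructed sample data."""
    c = Cache()
    zone = "example.test."
    # Two responses from zone version 100: an A record, and an NXT owned by
    # "ftp" whose next name is "www", proving nothing exists between them.
    c.insert(CachedRRset("www.example.test.", "A", ("192.0.2.1",), zone, 100))
    c.insert(CachedRRset("ftp.example.test.", "NXT", ("www.example.test. A NXT",), zone, 100))
    # A verified answer from version 101 arrives: the zone changed, so every
    # entry cached from version 100 (including the NXT) is pre-expired first.
    c.insert(CachedRRset("www.example.test.", "A", ("192.0.2.2",), zone, 101))
    # A late-arriving response still tagged with serial 100 is refused.
    late = c.insert(CachedRRset("ftp.example.test.", "NXT", ("www.example.test. A NXT",), zone, 100))
    return {
        "www_a": c.lookup("www.example.test.", "A"),
        "old_nxt_gone": c.lookup("ftp.example.test.", "NXT") is None,
        "late_old_answer_accepted": late,
        "entries_after": len(c.rrsets),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the model only works because the serial travels with the answer; with nothing but signature inception times, as the reply points out, a cache can tell that its held records were signed earlier than the new ones but cannot tell which zone version they belong to, so it has no boundary at which to pre-expire.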
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>